
Multiple vulnerabilities in KDE kdelibs
Vulnerability: Multiple vulnerabilities in KDE kdelibs
Severity: High
Availability of fixes: Remediation instructions
Number of vulnerabilities: 3
CVE ID: CVE-2012-4512
CVE-2012-4513
CVE-2012-4514
CVE-2012-4515
Impact: System Compromise
Affected products: KDE 4.x
Affected versions: KDE 4.C
Description:
The vulnerabilities can be exploited by malicious people to execute arbitrary code on the target system.
1. An error in khtml/css/cssparser.cpp in kdelibs when processing font sources in cascading style sheets (CSS). This can be exploited to cause a heap overflow and execute arbitrary code on the target system.
2. An error in khtml/imload/scaledimageplane.h in kdelibs when determining canvas extents. This can be exploited to cause a heap overflow and execute arbitrary code on the target system.
3. A use-after-free error in khtml/rendering/render_replaced.cpp in kdelibs when displaying the context menu for an iframe widget. A remote user can execute arbitrary code on the target system.
Vendor URL: www.kde.org
Solution: Install the update from the vendor's repository.
Links:
http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc