Multiple vulnerabilities in KDE kdelibs

Posted: November 1, 2012 in Vulnerabilities
Tags: KDE, KDE kdelibs, system compromise

vulnerabilities in KDE kdelibs

Vulnerability: Multiple vulnerabilities in KDE kdelibs

Danger: High
Availability of fixes: manual to eliminate
Number of vulnerabilities: 3

CVE ID: CVE-2012-4512
CVE-2012-4513
CVE-2012-4514
CVE-2012-4515

Impact: System Compromise
Affected products: KDE 4.x

Affected versions: KDE 4.C

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. An error in the file in kdelibs khtml / css / cssparser.cpp processing source fonts in cascading style sheet (CSS). This can be exploited to cause a heap overflow and execute arbitrary code on the target system.

2. An error in the file in kdelibs khtml / imload / scaledimageplane.h in defining extensions canvas. This can be exploited to cause a heap overflow and execute arbitrary code on the target system.

3. An error after release of kdelibs in the file khtml / rendering / render_replaced.cpp while playing for the context menu widget iframe. A remote user can execute arbitrary code on the target system.

Manufacturer URL: www.kde.org

Solution: Install the update from the repository producer.

Links:
http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook