Denial of Service in Konqueror CSS Parser of KDE 4.7.3
CVE-2012-4512

8.8HIGH

Key Information:

Vendor

Kde

Status
Konqueror
Vendor
CVE Published:
8 February 2020

What is CVE-2012-4512?

The CSS parser in Konqueror, part of KDE 4.7.3, contains a vulnerability that can be exploited by remote attackers. By sending a specially crafted font face source, attackers can trigger a denial of service condition, leading to a crash of the application. This vulnerability is related to type confusion, which may also allow them to read sensitive information from memory, exposing potential data leakage risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Konqueror 4.7.3

References

http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc
x_refsource_MISC
http://em386.blogspot.com/2010/12/webkit-css-type-confusi...
x_refsource_MISC
http://archives.neohapsis.com/archives/bugtraq/2012-11/00...
x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.