CVE-2012-4540

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2012-4540
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-4540.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2012-4540
Related
Published
2012-11-11T13:00:54Z
Modified
2024-11-21T01:43:05Z
Downstream
Summary
[none]
Details

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.

References

Affected packages

Debian:11 / icedtea-web

Package

Name
icedtea-web
Purl
pkg:deb/debian/icedtea-web?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / icedtea-web

Package

Name
icedtea-web
Purl
pkg:deb/debian/icedtea-web?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / icedtea-web

Package

Name
icedtea-web
Purl
pkg:deb/debian/icedtea-web?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}