CVE-2012-4513

Published: 11 November 2012

khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.

Priority

Low

Status

Package Release Status
kde-baseapps
Launchpad, Ubuntu, Debian
Upstream
Released
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Patches:
Upstream: https://cgit.kde.org/kdelibs.git/commit/?h=1f8b1b034ccf1713a5d123a4c327290f86d17d53
kdebase
Launchpad, Ubuntu, Debian
Upstream
Released
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
jdstrand
only 4.7.3 reported as affected. Reported as fixed in later releases

References