Lucene search

[email protected]CVE-2012-1175

HistoryAug 26, 2012 - 8:55 p.m.

CVE-2012-1175

2012-08-2620:55:00

CWE-189

[email protected]

web.nvd.nist.gov

security

integer overflow

denial of service

buffer overflow

code execution

swf

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.034

Percentile

91.5%

JSON

Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

gnugnashMatch0.8.10

VendorProductVersionCPE
gnugnash0.8.10cpe:/a:gnu:gnash:0.8.10:::

Vendor	Product	Version	CPE
gnu	gnash	0.8.10	cpe:/a:gnu:gnash:0.8.10:::

References

git.savannah.gnu.org/cgit/gnash.git/commit/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527

secunia.com/advisories/47183

secunia.com/advisories/48466

www.debian.org/security/2012/dsa-2435

www.openwall.com/lists/oss-security/2012/03/14/5

www.openwall.com/lists/oss-security/2012/03/14/6

www.securityfocus.com/bid/52446

bugzilla.redhat.com/show_bug.cgi?id=803443

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.034

Percentile

91.5%

JSON

Related for CVE-2012-1175

nessus6 openvas10 fedora4 cvelist1 debiancve1 nvd1 prion1 debian2 ubuntucve1 gentoo1 securityvulns2 osv1