Lucene search

K
cve[email protected]CVE-2012-1175
HistoryAug 26, 2012 - 8:55 p.m.

CVE-2012-1175

2012-08-2620:55:00
CWE-189
web.nvd.nist.gov
29
security
integer overflow
denial of service
buffer overflow
code execution
swf
vulnerability

7.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.034 Low

EPSS

Percentile

91.5%

Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.

Affected configurations

NVD
Node
gnugnashMatch0.8.10
CPENameOperatorVersion
gnu:gnashgnu gnasheq0.8.10

7.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.034 Low

EPSS

Percentile

91.5%