Lucene search

K

[email protected]NVD:CVE-2012-1175

HistoryAug 26, 2012 - 8:55 p.m.

CVE-2012-1175

2012-08-2620:55:00

CWE-189

[email protected]

web.nvd.nist.gov

3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.034

Percentile

91.5%

Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.

Affected configurations

Nvd

Node

gnugnashMatch0.8.10

References

git.savannah.gnu.org/cgit/gnash.git/commit/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527

secunia.com/advisories/47183

secunia.com/advisories/48466

www.debian.org/security/2012/dsa-2435

www.openwall.com/lists/oss-security/2012/03/14/5

www.openwall.com/lists/oss-security/2012/03/14/6

www.securityfocus.com/bid/52446

bugzilla.redhat.com/show_bug.cgi?id=803443

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.034

Percentile

91.5%

Related for NVD:CVE-2012-1175

fedora4 nessus6 openvas10 cvelist1 prion1 debiancve1 cve1 ubuntucve1 debian2 gentoo1 securityvulns2 osv1