Lucene search
123 matches found

CVE
added 2020/02/08 6:09 p.m. · 145 views

CVE-2012-4512

CVE-2012-4512 affects Konqueror’s CSS parser (khtml/css/cssparser.cpp) in KDE 4.7.3. A remote attacker can crash the browser and possibly read memory via a crafted font-face source due to a type-confusion issue. Connected advisories (MiracleLinux AXSA-2012-970:03, SUSE/Security Advisories, Gentoo...

CVSS 8.8 · AI score 8 · EPSS 0.09978
Exploits 6 · References 11 · Affected Software 1
Cvelist
added 2020/02/08 6:09 p.m. · 18 views

CVE-2012-4512

The CSS parser khtml/css/cssparser.cpp in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."...

AI score 8.2 · EPSS 0.09978
Exploits 6 · References 11
Debian CVE
added 2020/02/08 6:09 p.m. · 28 views

CVE-2012-4512

Removed by vendor...

CVSS 8.8 · AI score 8.7 · EPSS 0.09978
Exploits 6
OSV
added 2019/08/16 4:15 p.m. · 0 views

DEBIAN-CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This...

CVSS 9.8 · AI score 8.2 · EPSS 0.09316
Exploits 0 · References 1
Veracode
added 2019/05/02 4:43 a.m. · 21 views

Heap-based Buffer Over-read

The kdelibs packages provide libraries for the K Desktop Environment (KDE). Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS (Cascading Style Sheets) parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content...

CVSS 8.8 · AI score 9 · EPSS 0.15124
Exploits 7 · References 12 · Affected Software 1
Veracode
added 2019/01/15 8:59 a.m. · 27 views

Denial Of Service (DoS)

kdelibs is vulnerable to denial of service. The CSS parser DOM implementation does not properly parse the location of the source for a font face, allowing a remote attacker to crash the application or potentially execute arbitrary code by loading a malicious web page that results in a heap-based...

CVSS 8.8 · AI score 8.6 · EPSS 0.09978
Exploits 6 · References 17 · Affected Software 1
0day.today
added 2017/06/10 12:00 a.m. · 40 views

libcroco 0.6.12 - Denial of Service Vulnerability

Exploit for linux platform in category dos / poc libcroco multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= Libcroco is a standalone css2 parsing and manipulation library. The parser provides a low level event driven SAC like api and a css obje...

CVSS 7.1 · AI score 6.7 · EPSS 0.0172
Exploits 5
Exploit DB
added 2017/06/09 12:00 a.m. · 46 views

libcroco 0.6.12 - Denial of Service

libcroco multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= Libcroco is a standalone css2 parsing and manipulation library. The parser provides a low level event driven SAC like api and a css object model like api. Libcroco provides a CSS2...

CVSS 7.1 · AI score 6.9 · EPSS 0.0172
Exploits 5
CNVD
added 2017/04/21 12:00 a.m. · 1 view

libcroco 'cr_tknzr_parse_rgb' function denial of service vulnerability

libcroco is a CSS2 parsing library. A security vulnerability exists in the 'cr_tknzr_parse_rgb' function of the cr-tknzr.c file in libcroco versions 0.6.11 and 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service (application crash) with the help of a specially crafted...

CVSS 7.8 · AI score 6.8 · EPSS 0.0087
Exploits 1 · References 1
Tenable Nessus
added 2013/07/12 12:00 a.m. · 27 views

Oracle Linux 5 : kdelibs (ELSA-2009-1127)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1127 advisory. - Resolves: 505621, CVE-2009-1687, integer overflow in KJS JavaScript garbage collector CVE-2009-1698, KHTML CSS parser - incorrect handling CSS style...

CVSS 9.3 · AI score 5.7 · EPSS 0.08455
Exploits 4 · References 4
Tenable Nessus
added 2013/07/12 12:00 a.m. · 27 views

Oracle Linux 3 : kdelibs (ELSA-2009-1128)

From Red Hat Security Advisory 2009:1128 : Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K...

CVSS 9.3 · AI score 6.1 · EPSS 0.07775
Exploits 2 · References 2
OpenVAS
added 2012/11/02 12:00 a.m. · 22 views

RedHat Update for kdelibs RHSA-2012:1416-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 8.8 · AI score 8.8 · EPSS 0.15124
Exploits 7 · References 2
Cent OS
added 2012/10/30 7:55 p.m. · 67 views

kdelibs security update

CentOS Errata and Security Advisory CESA-2012:1418 Updated kdelibs packages that fix two security issues are now available for Red Hat Enterprise Linux 6 FasTrack. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS...

CVSS 8.8 · AI score 7.5 · EPSS 0.15124
Exploits 7 · References 7
RedHat Linux
added 2012/10/30 5:09 p.m. · 1 view

kdelibs: Heap-based buffer overflow when parsing location of a font face source

A heap-based buffer overflow flaw was found in the way the CSS parser of the Document Object Model's DOM implementation of KDE libraries performed processing of a location of a particular font face source. A remote attacker with privileges could provide a specially-crafted web page that, when...

CVSS 8.8 · AI score 7.8 · EPSS 0.09978
Exploits 6 · References 4
Positive Technologies
added 2012/10/30 12:00 a.m. · 2 views

PT-2012-1069 · Kde +3 · Konqueror +4

Name of the Vulnerable Software and Affected Versions: kdelibs versions 4.3.4 kdelibs-devel version 4.3.4 kdelibs-debuginfo version 4.3.4 kdelibs-apidocs version 4.3.4 kdelibs-common version 4.3.4 Description: The issue concerns multiple vulnerabilities in the kdelibs package, which can lead to a...

CVSS 8.8 · AI score 8.5 · EPSS 0.15124
Exploits 8 · References 51
Tenable Nessus
added 2012/08/01 12:00 a.m. · 31 views

Scientific Linux Security Update : kdelibs on SL3.x i386/x86_64

A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary...

CVSS 9.3 · AI score 6 · EPSS 0.07775
Exploits 2 · References 2
Tenable Nessus
added 2012/08/01 12:00 a.m. · 37 views

Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513...

CVSS 10 · AI score 8.5 · EPSS 0.06165
Exploits 0 · References 12
Tenable Nessus
added 2012/08/01 12:00 a.m. · 39 views

Scientific Linux Security Update : kdelibs on SL4.x, SL5.x i386/x86_64

A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary...

CVSS 9.3 · AI score 6.3 · EPSS 0.08455
Exploits 4 · References 4
OpenVAS
added 2011/08/09 12:00 a.m. · 37 views

CentOS Update for kdelibs CESA-2009:1128 centos3 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 9.3 · AI score 5.2 · EPSS 0.07775
Exploits 2 · References 2
VulnCheck KEV
added 2011/03/08 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2010-3971

Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service application...

CVSS 9.3 · AI score 7.8 · EPSS 0.856
Exploits 9 · References 1