CVE-2012-4540: Buffer Overflow
First published: Mon Oct 22 2012(Updated: )
A flaw was reported in IcedTea-web plugin where certain events attached to an applet, when triggered, could lead to a heap-based buffer overflow, resulting in possible information leak, crash, or code execution.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea-web | <1.1.7 | 1.1.7 |
| redhat/icedtea-web | <1.2.2 | 1.2.2 |
| redhat/icedtea-web | <1.3.1 | 1.3.1 |
| redhat/icedtea-web | <1.4.1 | 1.4.1 |
| openSUSE libeconf | =13.1 | |
| openSUSE libeconf | =13.2 | |
| Red Hat IcedTea-Web | =1.1 | |
| Red Hat IcedTea-Web | =1.1.1 | |
| Red Hat IcedTea-Web | =1.1.2 | |
| Red Hat IcedTea-Web | =1.1.3 | |
| Red Hat IcedTea-Web | =1.1.4 | |
| Red Hat IcedTea-Web | =1.1.5 | |
| Red Hat IcedTea-Web | =1.1.6 | |
| Red Hat IcedTea-Web | =1.2 | |
| Red Hat IcedTea-Web | =1.2.1 | |
| Red Hat IcedTea-Web | =1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2012-4540
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=631741&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=631741&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=635041&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=635041&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=869040#c0
- http://icedtea.classpath.org/hg/release/icedtea-web-1.3/file/11c61503e614/plugin/icedteanp/IcedTeaScriptablePluginObject.cc#l592
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=636971&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=636971&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=636984&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=636984&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=869040#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=869040#c4
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html
- http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe
- https://rhn.redhat.com/errata/RHSA-2012-1434.html
- http://icedtea.classpath.org/hg/icedtea-web/rev/dbd98f24eebb
- http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=869040#c12
- https://access.redhat.com/security/cve/CVE-2013-4349
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1007960
- https://bugzilla.redhat.com/show_bug.cgi?id=869040
- http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS
- http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html
- http://rhn.redhat.com/errata/RHSA-2012-1434.html
- http://secunia.com/advisories/51206
- http://secunia.com/advisories/51220
- http://secunia.com/advisories/51374
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.debian.org/security/2013/dsa-2768
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:171
- http://www.openwall.com/lists/oss-security/2012/11/07/5
- http://www.securityfocus.com/bid/56434
- http://www.securityfocus.com/bid/62426
- http://www.securitytracker.com/id?1027738
- http://www.ubuntu.com/usn/USN-1625-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1007960
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79894
Frequently Asked Questions
What is the severity of CVE-2012-4540?
CVE-2012-4540 is classified as a high severity vulnerability due to its potential for heap-based buffer overflow, which can lead to code execution.
How do I fix CVE-2012-4540?
To fix CVE-2012-4540, upgrade IcedTea-web to versions 1.1.7, 1.2.2, 1.3.1, or 1.4.1 as recommended by the vendor.
Which versions of IcedTea-web are affected by CVE-2012-4540?
Affected versions of IcedTea-web include all versions prior to 1.1.7, 1.2.2, 1.3.1, and 1.4.1.
What type of attacks can exploit CVE-2012-4540?
CVE-2012-4540 can be exploited to trigger a heap-based buffer overflow, resulting in potential information leakage, application crashes, or arbitrary code execution.
What platforms are affected by CVE-2012-4540?
CVE-2012-4540 affects platforms running specific versions of IcedTea-web on Red Hat and openSUSE distributions.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-4540
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- package-manager/redhat
- vendor/opensuse
- canonical/opensuse libeconf
- version/opensuse libeconf/13.1
- version/opensuse libeconf/13.2
- vendor/redhat
- canonical/red hat icedtea-web
- version/red hat icedtea-web/1.1
- version/red hat icedtea-web/1.1.1
- version/red hat icedtea-web/1.1.2
- version/red hat icedtea-web/1.1.3
- version/red hat icedtea-web/1.1.4
- version/red hat icedtea-web/1.1.5
- version/red hat icedtea-web/1.1.6
- version/red hat icedtea-web/1.2
- version/red hat icedtea-web/1.2.1
- version/red hat icedtea-web/1.3