Lucene search

[email protected]CVE-2012-1175

HistoryAug 26, 2012 - 8:55 p.m.

CVE-2012-1175

2012-08-2620:55:00

CWE-189

[email protected]

web.nvd.nist.gov

security

integer overflow

denial of service

buffer overflow

code execution

swf

vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

gnugnashMatch0.8.10

CPENameOperatorVersion
gnu:gnashgnu gnasheq0.8.10

CPE	Name	Operator	Version
gnu:gnash	gnu gnash	eq	0.8.10

References

git.savannah.gnu.org/cgit/gnash.git/commit/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527

secunia.com/advisories/47183

secunia.com/advisories/48466

www.debian.org/security/2012/dsa-2435

www.openwall.com/lists/oss-security/2012/03/14/5

www.openwall.com/lists/oss-security/2012/03/14/6

www.securityfocus.com/bid/52446

bugzilla.redhat.com/show_bug.cgi?id=803443

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2012-1175

nessus6 openvas10 fedora4 cvelist1 debiancve1 prion1 nvd1 ubuntucve1 debian2 gentoo1 securityvulns2 osv1