CVE-2012-4512

HIGH

KDE Konqueror - Denial of Service and Memory Disclosure via CSS Font Face Source Type Confusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4512.

AI-analyzed exploit summary This advisory details four memory corruption vulnerabilities in Konqueror 4.7.3, including type confusion, out-of-bounds access, NULL pointer dereference, and use-after-free flaws. It provides technical analysis, patch references, and proof-of-concept code snippets for each vulnerability.

Description

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

Exploits (1)

exploitdb WRITEUP

doslinux

https://www.exploit-db.com/exploits/22406

View Code ZIP pw:eip

This advisory details four memory corruption vulnerabilities in Konqueror 4.7.3, including type confusion, out-of-bounds access, NULL pointer dereference, and use-after-free flaws. It provides technical analysis, patch references, and proof-of-concept code snippets for each vulnerability.

Classification

Writeup 100%

Attack Type

Dos | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Konqueror 4.7.3

No auth needed

Prerequisites: Victim must visit a malicious webpage or interact with crafted HTML/JavaScript content.

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (11)

Core 11

Core References

Third Party Advisory x_refsource_misc

http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc

Exploit, Third Party Advisory x_refsource_misc

http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html

Broken Link, Third Party Advisory x_refsource_misc

http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html

Mailing List, Third Party Advisory x_refsource_misc

http://www.openwall.com/lists/oss-security/2012/10/11/11

Mailing List, Third Party Advisory x_refsource_misc

http://www.openwall.com/lists/oss-security/2012/10/30/6

Broken Link, Vendor Advisory x_refsource_misc

http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352

Third Party Advisory x_refsource_misc

http://rhn.redhat.com/errata/RHSA-2012-1416.html

Third Party Advisory x_refsource_misc

http://rhn.redhat.com/errata/RHSA-2012-1418.html

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securitytracker.com/id?1027709

Not Applicable, Third Party Advisory x_refsource_misc

http://secunia.com/advisories/51097

Not Applicable, Third Party Advisory x_refsource_misc

http://secunia.com/advisories/51145

Scores

CVSS v3 8.8

EPSS 0.1166

EPSS Percentile 95.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-843

Status published

Products (5)

kde/kde 4.7.3

redhat/enterprise_linux 6.0

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server_eus 6.3

redhat/enterprise_linux_workstation 6.0

Published Feb 08, 2020

Tracked Since Feb 18, 2026