CVE-2012-3422

EPSS 1.2%

Published: 8/7/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-3422

Description

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

Affected packages (1)

Debian/icedtea-webfrom 0, < 1.3-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3422