CVE-2012-3422

描述

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

受影響套件(1)

• Debian/icedtea-webfrom 0, < 1.3-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3422