CVE-2012-3422
Publication date 31 July 2012
Last updated 24 July 2024
Ubuntu priority
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
Status
Package | Ubuntu Release | Status |
---|---|---|
icedtea-web | 12.04 LTS precise |
Fixed 1.2-2ubuntu1.1
|
11.10 oneiric |
Fixed 1.2-2ubuntu0.11.10.2
|
|
11.04 natty |
Fixed 1.2-2ubuntu0.11.04.2
|
|
10.04 LTS lucid |
Fixed 1.2-2ubuntu0.10.04.2
|
|
8.04 LTS hardy | Not in release |
Patch details
Package | Patch details |
---|---|
icedtea-web |
References
Related Ubuntu Security Notices (USN)
- USN-1521-1
- IcedTea-Web vulnerabilities
- 31 July 2012