{"id":"DEBIAN-CVE-2012-4540","details":"Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.","modified":"2026-04-28T20:16:40.265803Z","published":"2012-11-11T13:00:54.073Z","upstream":["CVE-2012-4540"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-4540"}],"affected":[{"package":{"name":"icedtea-web","ecosystem":"Debian:11","purl":"pkg:deb/debian/icedtea-web?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4540.json"}},{"package":{"name":"icedtea-web","ecosystem":"Debian:12","purl":"pkg:deb/debian/icedtea-web?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4540.json"}},{"package":{"name":"icedtea-web","ecosystem":"Debian:13","purl":"pkg:deb/debian/icedtea-web?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4540.json"}},{"package":{"name":"icedtea-web","ecosystem":"Debian:14","purl":"pkg:deb/debian/icedtea-web?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4540.json"}}],"schema_version":"1.7.5"}