Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ea2t-5fer-y7gn
Vulnerability ID VCID-ea2t-5fer-y7gn
Aliases CVE-2012-3422
Summary The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.01173 https://api.first.org/data/v1/epss?cve=CVE-2012-3422
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3422.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3422
840592 https://bugzilla.redhat.com/show_bug.cgi?id=840592
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
RHSA-2012:1132 https://access.redhat.com/errata/RHSA-2012:1132
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.79028
EPSS Score 0.01173
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:38:51.446523+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0