CVE-2012-0268
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.1
Description
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| yahoo | messenger | {"endIncluding":"11.5.0.152"} | |
| yahoo | messenger | 0.99.17-1 | |
| yahoo | messenger | 1.0 | |
| yahoo | messenger | 1.0.4 | |
| yahoo | messenger | 1.0.6 | |
| yahoo | messenger | 2.0.1.4 | |
| yahoo | messenger | 3.0 | |
| yahoo | messenger | 3.0.1 | |
| yahoo | messenger | 3.5 | |
| yahoo | messenger | 4.0 | |
| yahoo | messenger | 4.1 | |
| yahoo | messenger | 5.0 | |
| yahoo | messenger | 5.0.1046 | |
| yahoo | messenger | 5.0.1065 | |
| yahoo | messenger | 5.0.1232 | |
| yahoo | messenger | 5.5 | |
| yahoo | messenger | 5.5.1249 | |
| yahoo | messenger | 5.6 | |
| yahoo | messenger | 5.6.0.1347 | |
| yahoo | messenger | 5.6.0.1351 | |
| yahoo | messenger | 5.6.0.1355 | |
| yahoo | messenger | 5.6.0.1356 | |
| yahoo | messenger | 5.6.0.1358 | |
| yahoo | messenger | 6.0 | |
| yahoo | messenger | 6.0.0.1643 | |
| yahoo | messenger | 6.0.0.1750 | |
| yahoo | messenger | 6.0.0.1921 | |
| yahoo | messenger | 6.1 | |
| yahoo | messenger | 7.0 | |
| yahoo | messenger | 7.0.0.426 | |
| yahoo | messenger | 7.0.0.437 | |
| yahoo | messenger | 7.0.438 | |
| yahoo | messenger | 7.5 | |
| yahoo | messenger | 7.5.0.814 | |
| yahoo | messenger | 8.0 | |
| yahoo | messenger | 8.0.0.505 | |
| yahoo | messenger | 8.0.0.508 | |
| yahoo | messenger | 8.0.0.701 | |
| yahoo | messenger | 8.0.0.716 | |
| yahoo | messenger | 8.0.0.863 | |
| yahoo | messenger | 8.0.1 | |
| yahoo | messenger | 8.0_2005.1.1.4 | |
| yahoo | messenger | 8.1 | |
| yahoo | messenger | 8.1.0.195 | |
| yahoo | messenger | 8.1.0.209 | |
| yahoo | messenger | 8.1.0.239 | |
| yahoo | messenger | 8.1.0.244 | |
| yahoo | messenger | 8.1.0.249 | |
| yahoo | messenger | 8.1.0.401 | |
| yahoo | messenger | 8.1.0.402 | |
| yahoo | messenger | 8.1.0.413 | |
| yahoo | messenger | 8.1.0.416 | |
| yahoo | messenger | 8.1.0.419 | |
| yahoo | messenger | 8.1.0.421 | |
| yahoo | messenger | 9.0.0.797 | |
| yahoo | messenger | 9.0.0.907 | |
| yahoo | messenger | 9.0.0.922 | |
| yahoo | messenger | 9.0.0.1389 | |
| yahoo | messenger | 9.0.0.1912 | |
| yahoo | messenger | 9.0.0.2018 | |
| yahoo | messenger | 9.0.0.2034 | |
| yahoo | messenger | 9.0.0.2112 | |
| yahoo | messenger | 9.0.0.2123 | |
| yahoo | messenger | 9.0.0.2128 | |
| yahoo | messenger | 9.0.0.2133 | |
| yahoo | messenger | 9.0.0.2136 | |
| yahoo | messenger | 9.0.0.2152 | |
| yahoo | messenger | 9.0.0.2160 | |
| yahoo | messenger | 9.0.0.2161 | |
| yahoo | messenger | 9.0.0.2162 | |
| yahoo | messenger | 10.0.0.331 | |
| yahoo | messenger | 10.0.0.525 | |
| yahoo | messenger | 10.0.0.542 | |
| yahoo | messenger | 10.0.0.1102 | |
| yahoo | messenger | 10.0.0.1241 | |
| yahoo | messenger | 10.0.0.1258 | |
| yahoo | messenger | 10.0.0.1264 | |
| yahoo | messenger | 10.0.0.1267 | |
| yahoo | messenger | 10.0.0.1270 | |
| yahoo | messenger | 11.0.0.1751 | |
| yahoo | messenger | 11.0.0.2009 | |
| yahoo | messenger | 11.0.0.2014 | |
References
CWEs
CWE-189
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.