CVE-2010-4203 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
google	chrome	𝑥 < 7.0.517.44
webmproject	libvpx	𝑥 < 0.9.5
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libvpx

bullseye (security)	1.9.0-1+deb11u3 fixed
bullseye	1.9.0-1+deb11u3 fixed
bookworm	1.12.0-1+deb12u3 fixed
bookworm (security)	1.12.0-1+deb12u3 fixed
sid	1.14.1-1 fixed
trixie	1.14.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

maverick	Fixed 7.0.517.41~r62167-0ubuntu0.10.10.1 released
lucid	Fixed 7.0.517.41~r62167-0ubuntu0.10.04.1 released
karmic	dne
hardy	dne
dapper	dne

libvpx

maverick	Fixed 0.9.2-1ubuntu0.1 released
lucid	Fixed 0.9.2-1ubuntu0.0.10.04.1 released
karmic	dne
hardy	dne
dapper	dne

Known Exploits!

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://code.google.com/p/chromium/issues/detail?id=60055

http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=blob%3Bf=CHANGELOG

http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=commit%3Bh=09bcc1f710ea65dc158639479288fb1908ff0c53

http://secunia.com/advisories/42109

http://secunia.com/advisories/42118

http://secunia.com/advisories/42690

http://secunia.com/advisories/42908

http://security.gentoo.org/glsa/glsa-201101-03.xml

http://www.vupen.com/english/advisories/2011/0115

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12198

https://rhn.redhat.com/errata/RHSA-2010-0999.html

http://code.google.com/p/chromium/issues/detail?id=60055

http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=blob%3Bf=CHANGELOG

http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=commit%3Bh=09bcc1f710ea65dc158639479288fb1908ff0c53

http://secunia.com/advisories/42109

http://secunia.com/advisories/42118

http://secunia.com/advisories/42690

http://secunia.com/advisories/42908

http://security.gentoo.org/glsa/glsa-201101-03.xml

http://www.vupen.com/english/advisories/2011/0115

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12198

https://rhn.redhat.com/errata/RHSA-2010-0999.html