CVE-2010-4577

EUVD-2010-4543
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
< 8.0.552.224
webkitgtkwebkitgtk
𝑥
< 1.2.6
googlechrome_os
𝑥
< 8.0.552.343
debiandebian_linux
6.0
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
dapper
dne
hardy
dne
karmic
dne
lucid
Fixed 8.0.552.224~r68599-0ubuntu0.10.04.1
released
maverick
Fixed 8.0.552.224~r68599-0ubuntu0.10.10.1
released
natty
Fixed 8.0.552.224~r68599-0ubuntu1
released
webkit
hardy
ignored
lucid
Fixed 1.2.7-0ubuntu0.10.04.1
released
maverick
Fixed 1.2.7-0ubuntu0.10.10.1
released
natty
not-affected
Common Weakness Enumeration
References
http://code.google.com/p/chromium/issues/detail?id=63866
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
http://secunia.com/advisories/42648
http://secunia.com/advisories/43086
http://trac.webkit.org/changeset/72685
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp
http://www.debian.org/security/2011/dsa-2188
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml
http://www.redhat.com/support/errata/RHSA-2011-0177.html
http://www.securityfocus.com/bid/45722
http://www.vupen.com/english/advisories/2011/0216
https://bugs.webkit.org/show_bug.cgi?id=49883
https://bugzilla.redhat.com/show_bug.cgi?id=667025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953
http://code.google.com/p/chromium/issues/detail?id=63866
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
http://secunia.com/advisories/42648
http://secunia.com/advisories/43086
http://trac.webkit.org/changeset/72685
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp
http://www.debian.org/security/2011/dsa-2188
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml
http://www.redhat.com/support/errata/RHSA-2011-0177.html
http://www.securityfocus.com/bid/45722
http://www.vupen.com/english/advisories/2011/0216
https://bugs.webkit.org/show_bug.cgi?id=49883
https://bugzilla.redhat.com/show_bug.cgi?id=667025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953