The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
02 Feb 2024, 02:39
Type | Values Removed | Values Added |
---|---|---|
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953 - Broken Link, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0216 - Broken Link, Third Party Advisory | |
References | (MISC) http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp - Mailing List, Patch | |
References | (CONFIRM) http://code.google.com/p/chromium/issues/detail?id=63866 - Exploit, Issue Tracking, Mailing List | |
References | (BID) http://www.securityfocus.com/bid/45722 - Broken Link, Third Party Advisory, VDB Entry | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html - Mailing List, Third Party Advisory | |
References | (MISC) http://trac.webkit.org/changeset/72685 - Mailing List, Patch | |
References | (DEBIAN) http://www.debian.org/security/2011/dsa-2188 - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html - Release Notes | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0177.html - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/43086 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/42648 - Broken Link, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-843 |
Information
Published : 2010-12-22 01:00
Updated : 2024-02-28 11:41
NVD link : CVE-2010-4577
Mitre link : CVE-2010-4577
CVE.ORG link : CVE-2010-4577
JSON object : View
Products Affected
- chrome_os
- chrome
webkitgtk
- webkitgtk
debian
- debian_linux
fedoraproject
- fedora