Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

Published

2010-12-22T01:00:03.157

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-125
CWE-843
Type: Secondary
CWE-125
CWE-843

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	chrome	< 8.0.552.224	Yes
Application	webkitgtk	webkitgtk	< 1.2.6	Yes
Operating System	google	chrome_os	< 8.0.552.343	Yes
Operating System	fedoraproject	fedora	13	Yes
Operating System	debian	debian_linux	6.0	Yes
Operating System	debian	debian_linux	7.0	Yes

References

http://code.google.com/p/chromium/issues/detail?id=63866 Exploit, Issue Tracking, Mailing List ([email protected])
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html Release Notes ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/42648 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/43086 Broken Link, Third Party Advisory ([email protected])
http://trac.webkit.org/changeset/72685 Mailing List, Patch ([email protected])
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp Mailing List, Patch ([email protected])
http://www.debian.org/security/2011/dsa-2188 Mailing List, Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0177.html Broken Link, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/45722 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/0216 Broken Link, Third Party Advisory ([email protected])
https://bugs.webkit.org/show_bug.cgi?id=49883 Permissions Required ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=667025 Issue Tracking, Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953 Broken Link, Third Party Advisory ([email protected])
http://code.google.com/p/chromium/issues/detail?id=63866 Exploit, Issue Tracking, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42648 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43086 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://trac.webkit.org/changeset/72685 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2188 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0177.html Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/45722 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0216 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.webkit.org/show_bug.cgi?id=49883 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=667025 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)