CVE-2010-4577
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
22/12/2010
Last modified:
11/04/2025
Description
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 8.0.552.224 (excluding) | |
| cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* | 1.2.6 (excluding) | |
| cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* | 8.0.552.343 (excluding) | |
| cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://code.google.com/p/chromium/issues/detail?id=63866
- http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
- http://secunia.com/advisories/42648
- http://secunia.com/advisories/43086
- http://trac.webkit.org/changeset/72685
- http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp
- http://www.debian.org/security/2011/dsa-2188
- http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml
- http://www.redhat.com/support/errata/RHSA-2011-0177.html
- http://www.securityfocus.com/bid/45722
- http://www.vupen.com/english/advisories/2011/0216
- https://bugs.webkit.org/show_bug.cgi?id=49883
- https://bugzilla.redhat.com/show_bug.cgi?id=667025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953
- http://code.google.com/p/chromium/issues/detail?id=63866
- http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
- http://secunia.com/advisories/42648
- http://secunia.com/advisories/43086
- http://trac.webkit.org/changeset/72685
- http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp
- http://www.debian.org/security/2011/dsa-2188
- http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml
- http://www.redhat.com/support/errata/RHSA-2011-0177.html
- http://www.securityfocus.com/bid/45722
- http://www.vupen.com/english/advisories/2011/0216
- https://bugs.webkit.org/show_bug.cgi?id=49883
- https://bugzilla.redhat.com/show_bug.cgi?id=667025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953