[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-4577

Date: (C)2010-12-21   (M)2017-09-22
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

Reference:
SECUNIA-42648
SECUNIA-43086
BID-45722
ADV-2011-0216
DSA-2188
FEDORA-2011-0121
GLSA-201012-01
RHSA-2011:0177
http://code.google.com/p/chromium/issues/detail?id=63866
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
http://trac.webkit.org/changeset/72685
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp
https://bugs.webkit.org/show_bug.cgi?id=49883
https://bugzilla.redhat.com/show_bug.cgi?id=667025

CPE    861
cpe:/o:google:chrome_os:8.0.552.342
cpe:/a:google:chrome:6.0.481.0
cpe:/a:google:chrome:8.0.552.105
cpe:/a:google:chrome:6.0.417.0
...
CWE    1
CWE-119
OVAL    7
oval:org.secpod.oval:def:101192
oval:org.secpod.oval:def:700580
oval:org.secpod.oval:def:600546
oval:org.secpod.oval:def:500053
...

© 2013 SecPod Technologies