WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
References
Link | Resource |
---|---|
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html | Release Notes Vendor Advisory |
http://code.google.com/p/chromium/issues/detail?id=60055 | Exploit Issue Tracking Mailing List Vendor Advisory |
http://review.webmproject.org/gitweb?p=libvpx.git;a=commit;h=09bcc1f710ea65dc158639479288fb1908ff0c53 | Broken Link |
http://secunia.com/advisories/42118 | Broken Link |
http://secunia.com/advisories/42109 | Vendor Advisory |
http://review.webmproject.org/gitweb?p=libvpx.git;a=blob;f=CHANGELOG | Broken Link |
http://secunia.com/advisories/42690 | Broken Link |
https://rhn.redhat.com/errata/RHSA-2010-0999.html | Third Party Advisory |
http://security.gentoo.org/glsa/glsa-201101-03.xml | Third Party Advisory |
http://www.vupen.com/english/advisories/2011/0115 | Permissions Required Third Party Advisory |
http://secunia.com/advisories/42908 | Broken Link |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12198 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2010-11-05 17:00
Updated : 2020-07-31 11:24
NVD link : CVE-2010-4203
Mitre link : CVE-2010-4203
JSON object : View
CWE
CWE-190
Integer Overflow or Wraparound
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_workstation
- enterprise_linux_server
webmproject
- libvpx
- chrome