CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html	Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=63866	Exploit Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml	Third Party Advisory
http://secunia.com/advisories/42648	Third Party Advisory
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp	Patch Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html	Third Party Advisory
http://trac.webkit.org/changeset/72685	Patch Third Party Advisory
https://bugs.webkit.org/show_bug.cgi?id=49883	Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=667025	Issue Tracking Third Party Advisory
http://www.securityfocus.com/bid/45722	Third Party Advisory VDB Entry
http://www.redhat.com/support/errata/RHSA-2011-0177.html	Third Party Advisory
http://secunia.com/advisories/43086	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0216	Third Party Advisory
http://www.debian.org/security/2011/dsa-2188	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:webkitgtk:webkitgtk::::::::
	cpe:2.3:o:google:chrome_os::::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*

Information

Published : 2010-12-21 17:00

Updated : 2020-07-31 11:39

NVD link : CVE-2010-4577

Mitre link : CVE-2010-4577

JSON object : View

CWE

CWE-125

Out-of-bounds Read

Products Affected

webkitgtk

webkitgtk

google

chrome
chrome_os

fedoraproject

fedora

debian

debian_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html", "name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://code.google.com/p/chromium/issues/detail?id=63866", "name": "http://code.google.com/p/chromium/issues/detail?id=63866", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml", "name": "GLSA-201012-01", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/42648", "name": "42648", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp", "name": "http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html", "name": "FEDORA-2011-0121", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://trac.webkit.org/changeset/72685", "name": "http://trac.webkit.org/changeset/72685", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://bugs.webkit.org/show_bug.cgi?id=49883", "name": "https://bugs.webkit.org/show_bug.cgi?id=49883", "tags": ["Permissions Required"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667025", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667025", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/45722", "name": "45722", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html", "name": "RHSA-2011:0177", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/43086", "name": "43086", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0216", "name": "ADV-2011-0216", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.debian.org/security/2011/dsa-2188", "name": "DSA-2188", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953", "name": "oval:org.mitre.oval:def:13953", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to \"Type Confusion.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-125"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4577", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-12-22T01:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.0.552.224"}, {"cpe23Uri": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.2.6"}, {"cpe23Uri": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.0.552.343"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-07-31T18:39Z"}

5.0 /10