Vulnerability Details : CVE-2010-4203
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
Vulnerability category: Overflow, Memory Corruption, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4203
Probability of exploitation activity in the next 30 days: 4.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~92%
CVSS scores for CVE-2010-4203
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2010-4203
- The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4203
- https://rhn.redhat.com/errata/RHSA-2010-0999.html
  RHSA-2010:0999 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
  Chrome Releases: Stable Channel Update (Release Notes; Vendor Advisory)
- http://code.google.com/p/chromium/issues/detail?id=60055
  60055 - WebM crash in vp8_setup_intra_recon() - chromium - Monorail (Exploit; Issue Tracking; Mailing List; Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/0115
  Webmail | OVH- OVH (Permissions Required; Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12198
  Repository / Oval Repository (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-201101-03.xml
  libvpx: User-assisted execution of arbitrary code (GLSA 201101-03) — Gentoo security (Third Party Advisory)
Products affected by CVE-2010-4203
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*