Vulnerability Details: CVE-2010-4577
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4577
Probability of exploitation activity in the next 30 days: 0.76%
Percentile (the proportion of all scored vulnerabilities with an EPSS score at or below this one): ~79%
CVSS scores for CVE-2010-4577
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |

The first row is the CVSS v2 score, the second the CVSS v3.1 score. Both vectors agree on the impact: network-reachable, no authentication or user interaction beyond loading the content, no confidentiality or integrity impact, availability only.
CWE ids for CVE-2010-4577
- Out-of-bounds read: The product reads data past the end, or before the beginning, of the intended buffer. (Assigned by: nvd@nist.gov, Primary)
- Type confusion: The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. (Assigned by: nvd@nist.gov, Primary)
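As an added illustration of the bug class named in the description above and in the two CWE entries, the C++ below models a `@font-face` `src` token-sequence parser in two forms: one that matches on the token text and reads the following token without checking its type or that it exists, and one that checks both before every access. This is example code written for this page; it is not WebKit's `CSSParser::parseFontFaceSrc`, and it does not reproduce the real defect or its fix (WebKit changeset 72685). The token model, the sample inputs and the exact unchecked access are assumptions made for the example.

```cpp
// Added example: toy model of a @font-face "src" token-sequence parser showing
// the bug class on this page (unchecked token type + out-of-bounds read).
// NOT WebKit's CSSParser::parseFontFaceSrc; the token model, the inputs and the
// exact unchecked access are assumptions made for illustration only.
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Token kinds a simplified CSS value tokenizer hands to the @font-face code.
enum class Unit { End, Ident, String, Function, Comma, RParen };

struct Token {
    Unit unit = Unit::End;
    std::string text;   // ident, string contents, or function name
};

struct SrcEntry {
    bool local = false; // true for local(...), false for url(...)
    std::string name;   // font name or URL
};

// Minimal tokenizer for a "src" value such as  url("a.woff"), local("Foo").
// Only quoted url() arguments are handled. One End sentinel is appended so the
// unchecked parser's over-read below stays inside the vector (memory-safe here).
static std::vector<Token> tokenize(const std::string& s) {
    std::vector<Token> out;
    size_t i = 0;
    while (i < s.size()) {
        char c = s[i];
        if (std::isspace(static_cast<unsigned char>(c))) { ++i; continue; }
        if (c == ',') { out.push_back({Unit::Comma, ","}); ++i; continue; }
        if (c == ')') { out.push_back({Unit::RParen, ")"}); ++i; continue; }
        if (c == '"' || c == '\'') {
            size_t j = s.find(c, i + 1);
            if (j == std::string::npos) j = s.size();   // unterminated string: take the rest
            out.push_back({Unit::String, s.substr(i + 1, j - i - 1)});
            i = (j < s.size()) ? j + 1 : j;
            continue;
        }
        size_t j = i;   // identifier or function name
        while (j < s.size() && (std::isalnum(static_cast<unsigned char>(s[j])) || s[j] == '-' || s[j] == '_')) ++j;
        if (j == i) { ++i; continue; }                   // skip any other character
        std::string word = s.substr(i, j - i);
        if (j < s.size() && s[j] == '(') { out.push_back({Unit::Function, word}); i = j + 1; }
        else { out.push_back({Unit::Ident, word}); i = j; }
    }
    out.push_back({Unit::End, ""});
    return out;
}

// Unchecked variant (the bug class): matches the text "local"/"url" without
// looking at the token's unit, and reads toks[i + 1] as the argument with no
// bounds check. Returns the highest index it read; >= count means it read past
// the caller's token range (here the sentinel; in a real parser, past the buffer).
static size_t parseFontFaceSrcUnchecked(const Token* toks, size_t count, std::vector<SrcEntry>& out) {
    size_t i = 0, maxRead = 0;
    while (i < count) {
        if (toks[i].text == "local" || toks[i].text == "url") {
            maxRead = i + 1;
            const Token& arg = toks[i + 1];   // unit and existence assumed, never checked
            out.push_back({toks[i].text == "local", arg.text});
            i += 3;                           // assumes the argument and ')' were present
        } else {
            ++i;
        }
    }
    return maxRead;
}

// Checked variant: a bounds check and a unit check precede every access, so any
// sequence that is not  local( <string|ident> )  or  url( <string> ), separated
// by commas, is rejected instead of being reinterpreted.
static bool parseFontFaceSrcChecked(const Token* toks, size_t count, std::vector<SrcEntry>& out) {
    size_t i = 0;
    while (i < count) {
        const Token& fn = toks[i];
        if (fn.unit != Unit::Function || (fn.text != "local" && fn.text != "url")) return false;
        if (i + 2 >= count) return false;     // need an argument and ')'
        const Token& arg = toks[i + 1];
        bool argOk = arg.unit == Unit::String || (fn.text == "local" && arg.unit == Unit::Ident);
        if (!argOk || toks[i + 2].unit != Unit::RParen) return false;
        out.push_back({fn.text == "local", arg.text});
        i += 3;
        if (i < count) {                      // either a comma and another entry, or the end
            if (toks[i].unit != Unit::Comma || i + 1 >= count) return false;
            ++i;
        }
    }
    return !out.empty();
}

// Wrappers over a raw "src" value (the sentinel is excluded from count).
static int checkedEntryCount(const std::string& src) {     // -1 when rejected
    std::vector<Token> t = tokenize(src);
    std::vector<SrcEntry> e;
    return parseFontFaceSrcChecked(t.data(), t.size() - 1, e) ? static_cast<int>(e.size()) : -1;
}
static bool uncheckedReadsPastInput(const std::string& src) {
    std::vector<Token> t = tokenize(src);
    std::vector<SrcEntry> e;
    return parseFontFaceSrcUnchecked(t.data(), t.size() - 1, e) >= t.size() - 1;
}
static std::string uncheckedFirstName(const std::string& src) { // "" when no entry
    std::vector<Token> t = tokenize(src);
    std::vector<SrcEntry> e;
    parseFontFaceSrcUnchecked(t.data(), t.size() - 1, e);
    return e.empty() ? "" : e.front().name;
}

int main() {
    // Constructed inputs: one well-formed value and three malformed ones.
    const char* samples[] = {"url(\"a.woff\"), local(\"Foo\")", "local", "local(", "local, url(\"a\")"};
    for (const char* src : samples) {
        std::cout << src << " -> checked entries: " << checkedEntryCount(src)
                  << ", unchecked over-read: " << (uncheckedReadsPastInput(src) ? "yes" : "no")
                  << ", unchecked first name: \"" << uncheckedFirstName(src) << "\"\n";
    }
    return 0;
}
```

On the malformed inputs the unchecked variant either reads the sentinel past the end of the input (`local`, `local(`: the out-of-bounds read) or takes the comma token for the font name (`local, url("a")`: the type confusion), while the checked variant rejects all three and accepts only the well-formed value.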
References for CVE-2010-4577
- http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp : Changeset 72685 for trunk/WebCore/css/CSSParser.cpp (WebKit) [Mailing List; Patch]
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html : [SECURITY] Fedora 13 Update: webkitgtk-1.2.6-1.fc13 [Mailing List; Third Party Advisory]
- http://secunia.com/advisories/43086 : Secunia advisory 43086 [Broken Link; Third Party Advisory]
- http://www.securityfocus.com/bid/45722 : WebKit CSS Token Sequences Handling Denial of Service Vulnerability (SecurityFocus BID 45722) [Broken Link; Third Party Advisory; VDB Entry]
- http://code.google.com/p/chromium/issues/detail?id=63866 : Chromium issue 63866, WebKit CSS Font Face Parsing Type Confusion [Exploit; Issue Tracking; Mailing List]
- https://bugs.webkit.org/show_bug.cgi?id=49883 : WebKit bug 49883 [Permissions Required]
- http://www.debian.org/security/2011/dsa-2188 : Debian Security Information, DSA-2188-1 webkit [Mailing List; Third Party Advisory]
- http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml : Chromium: Multiple vulnerabilities (GLSA 201012-01) [Third Party Advisory]
- http://www.vupen.com/english/advisories/2011/0216 : VUPEN advisory 2011/0216 [Broken Link; Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953 : OVAL Repository definition oval:org.mitre.oval:def:13953 [Broken Link; Third Party Advisory]
- http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html : Chrome Releases: Stable, Beta Channel Updates [Release Notes]
- http://secunia.com/advisories/42648 : Secunia advisory 42648 [Broken Link; Third Party Advisory]
- http://trac.webkit.org/changeset/72685 : Changeset 72685 (WebKit) [Mailing List; Patch]
- https://bugzilla.redhat.com/show_bug.cgi?id=667025 : Red Hat Bugzilla 667025, CVE-2010-4577 webkit: CSS Font Face Parsing Type Confusion Vulnerability [Issue Tracking; Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2011-0177.html : RHSA-2011-0177 [Broken Link; Third Party Advisory]
Products affected by CVE-2010-4577
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*