CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

Published: Dec 22, 2010
Updated: May 9, 2024
CVE: CVE-2010-4577
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-125
CWE-843

Affected Software
References

Software	From	Fixed in
webkitgtk / webkitgtk	-	1.2.6
google / chrome_os	-	8.0.552.343
google / chrome	-	8.0.552.224
fedoraproject / fedora	13	13.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	6.0	6.0.x

http://code.google.com/p/chromium/issues/detail?id=63866
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
http://secunia.com/advisories/42648
http://secunia.com/advisories/43086
http://trac.webkit.org/changeset/72685
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp
http://www.debian.org/security/2011/dsa-2188
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml
http://www.redhat.com/support/errata/RHSA-2011-0177.html
http://www.securityfocus.com/bid/45722
http://www.vupen.com/english/advisories/2011/0216
https://bugs.webkit.org/show_bug.cgi?id=49883
https://bugzilla.redhat.com/show_bug.cgi?id=667025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953

Vulnerability Database

289,689

CVE-2010-4577