CVE-2010-0659

CWE-3993 documents3 sources

Severity

9.3CRITICAL

EPSS

7.0%

top 8.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Webkit Google Chrome

Timeline

PublishedFeb 18

Latest updateMay 2

Description

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDgoogle/chrome4.0.249.78+47

▶NVDapple/webkitr53524

Patches

Patch: googlechromereleases.blogspot.com ↗Patch: googlechromereleases.blogspot.com ↗

🔴Vulnerability Details

GHSA

GHSA-wf8r-7846-mgqj: The image decoder in WebKit before r52833, as used in Google Chrome before 4↗2022-05-02

▶

CVEList

CVE-2010-0659: The image decoder in WebKit before r52833, as used in Google Chrome before 4↗2010-02-18

▶