CVE-2010-1098
published 2010-03-24
CVE-2010-1098: The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a…
Priority: P427 · high · 7.1 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS: 15.05% (96.3th percentile)
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
VulDB
Microsoft Windows resource management (ID 117000 / XFDB-56756)
vuldb·2026-05-03·CVSS 7.1
CVE-2010-1098 [HIGH] Microsoft Windows resource management (ID 117000 / XFDB-56756)
A vulnerability has been found in Microsoft Windows and classified as problematic. This affects an unknown function. Performing a manipulation results in improper resource management.
This vulnerability is known as CVE-2010-1098. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The affected component should be upgraded.
GHSA
GHSA-rw96-qxmm-m866: The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to caus
ghsa_unreviewed·2022-05-02
CVE-2010-1098 [HIGH] GHSA-rw96-qxmm-m866: The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to caus
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
No detection rules found.
Bugzilla
CVE-2010-4489 libvpx: Signedness error in partition size check
bugzilla·2011-01-19·CVSS 9.8
CVE-2010-4489 [CRITICAL] CVE-2010-4489 libvpx: Signedness error in partition size check
An integer signedness error, leading to out-of-bounds buffer read
was found in the way libvpx, VP8 Video Codec SDK, decoded certain
VP8 video frames. A remote attacker could trick a local victim
into opening a specially-crafted WebM video file in an application,
using libvpx library, leading to denial of service (particular
application crash).
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4489
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610510
[3] http://code.google.com/p/chromium/issues/detail?id=61653#c51
Upstream changeset (not definitely sure, needs confirmation):
[4] http://review.webmproject.org/#change,1098
Discussion:
This issue affects the version of the libvpx package, as shipped
Bugzilla
CVE-2010-4203 libvpx: memory corruption flaw
bugzilla·2010-11-09·CVSS 9.8
CVE-2010-4203 [CRITICAL] CVE-2010-4203 libvpx: memory corruption flaw
A recent Google Chrome update indicated there was a memory corruption flaw in libvpx [1].
Upstream changes to correct the flaw are here:
https://review.webmproject.org/#change,928
http://review.webmproject.org/#change,1098
(the second is to fix some regressions introduced by the first patch, by the looks of things).
libvpx seems to only be used, currently, by gstreamer-plugins-bad-free.
[1] http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Discussion:
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4203 to
the following vulnerability:
Name: CVE-2010-4203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4203
Assigned: 20101105
Reference: CONFIRM: http://code.google.com/p/chromium/
http://code.google.com/p/skylined/issues/detail?id=3
http://skypher.com/index.php/2010/03/08/ani-file-bitmapinfoheader-biclrused-bounds-check-missing/
http://www.securityfocus.com/bid/38579
https://exchange.xforce.ibmcloud.com/vulnerabilities/56756
Published: 2010-03-24