CVE-2010-4203 — Integer Overflow or Wraparound in Google Chrome

CWE-190 — Integer Overflow or Wraparound9 documents8 sources

Severity

9.8CRITICALNVD

EPSS

8.1%

top 7.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webmproject Libvpx Google Chrome Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedNov 6

Latest updateMay 13

Description

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDgoogle/chrome< 7.0.517.44

▶NVDwebmproject/libvpx< 0.9.5

▶Debianwebmproject/libvpx< 0.9.1-2+3

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

🔴Vulnerability Details

GHSA

GHSA-v9gv-2chp-hf2r: WebM libvpx (aka the VP8 Codec SDK) before 0↗2022-05-13

▶

OSV

CVE-2010-4203: WebM libvpx (aka the VP8 Codec SDK) before 0↗2010-11-06

▶

CVEList

CVE-2010-4203: WebM libvpx (aka the VP8 Codec SDK) before 0↗2010-11-05

▶

📋Vendor Advisories

Ubuntu

libvpx vulnerability↗2010-11-10

▶

Red Hat

libvpx: memory corruption flaw↗2010-11-04

▶

Debian

CVE-2010-4203: libvpx - WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome befor...↗2010

▶

💬Community

Bugzilla

CVE-2010-4203 libvpx: memory corruption flaw [fedora-all]↗2010-11-11

▶

Bugzilla

CVE-2010-4203 libvpx: memory corruption flaw↗2010-11-09

▶