CVE-2010-4577Out-of-bounds Read in Google Chrome

CWE-125Out-of-bounds ReadCWE-843Type Confusion7 documents6 sources
Severity
7.5HIGHNVD
EPSS
4.3%
top 11.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google ChromeGoogle Chrome OSWebkitgtk+2 more
Timeline
PublishedDec 22
Latest updateMay 13

Description

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDgoogle/chrome< 8.0.552.224
NVDgoogle/chrome_os< 8.0.552.343
NVDwebkitgtk/webkitgtk< 1.2.6

Also affects: Debian Linux 6.0, 7.0, Fedora 13

Patches

Patch: trac.webkit.orgPatch: trac.webkit.orgPatch: trac.webkit.org

🔴Vulnerability Details

2
GHSA
GHSA-9j34-5qgm-c4jh: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser2022-05-13
CVEList
CVE-2010-4577: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser2010-12-22

📋Vendor Advisories

2
Ubuntu
WebKit vulnerabilities2011-08-23
Red Hat
webkit: CSS Font Face Parsing Type Confusion Vulnerability2010-12-13

💬Community

2
Bugzilla
CVE-2010-4577 webkit: CSS Font Face Parsing Type Confusion Vulnerability2011-01-04
Bugzilla
CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206 CVE-2010-3812 CVE-2010-3813 CVE-2010-4577 CVE-2010-3255 CVE-2010-3119 webkitgtk various flaws [fedora-13]2011-01-04
CVE-2010-4577 — Out-of-bounds Read in Google Chrome | cvebase