CVE-2010-4203 — CRITICAL (9.8)

Q: How severe is CVE-2010-4203?

CVE-2010-4203 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2010-4203?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Webmproject Libvpx, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Chrome	< 7.0.517.44
Webmproject	Libvpx	< 0.9.5
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-190

References

http://code.google.com/p/chromium/issues/detail?id=60055ExploitIssue TrackingMailing List
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.htmlRelease NotesVendor Advisory
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=blob%3Bf=CHANGELOG
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=commit%3Bh=09bcc1f710ea65d
http://secunia.com/advisories/42109Vendor Advisory
http://secunia.com/advisories/42118Broken Link
http://secunia.com/advisories/42690Broken Link
http://secunia.com/advisories/42908Broken Link
http://security.gentoo.org/glsa/glsa-201101-03.xmlThird Party Advisory
http://www.vupen.com/english/advisories/2011/0115Permissions RequiredThird Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2010-0999.htmlThird Party Advisory
http://code.google.com/p/chromium/issues/detail?id=60055ExploitIssue TrackingMailing List
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.htmlRelease NotesVendor Advisory
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=blob%3Bf=CHANGELOG

FAQ

What is CVE-2010-4203?

CVE-2010-4203 is a vulnerability with a CVSS score of 9.8 (CRITICAL). WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary cod...

How severe is CVE-2010-4203?

CVE-2010-4203 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2010-4203?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Webmproject Libvpx, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.