CVE-2010-4577 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2010-4577?

CVE-2010-4577 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-4577?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Webkitgtk Webkitgtk, Google Chrome Os, Fedoraproject Fedora, Debian Debian Linux.

Vulnerability Description

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Chrome	< 8.0.552.224
Webkitgtk	Webkitgtk	< 1.2.6
Google	Chrome Os	< 8.0.552.343
Fedoraproject	Fedora	13
Debian	Debian Linux	6.0

Related Weaknesses (CWE)

CWE-843 CWE-125

References

http://code.google.com/p/chromium/issues/detail?id=63866ExploitIssue TrackingMailing List
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.Release Notes
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.htMailing ListThird Party Advisory
http://secunia.com/advisories/42648Broken LinkThird Party Advisory
http://secunia.com/advisories/43086Broken LinkThird Party Advisory
http://trac.webkit.org/changeset/72685Mailing ListPatch
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cppMailing ListPatch
http://www.debian.org/security/2011/dsa-2188Mailing ListThird Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0177.htmlBroken LinkThird Party Advisory
http://www.securityfocus.com/bid/45722Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2011/0216Broken LinkThird Party Advisory
https://bugs.webkit.org/show_bug.cgi?id=49883Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=667025Issue TrackingThird Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory

FAQ

What is CVE-2010-4577?

CVE-2010-4577 is a vulnerability with a CVSS score of 7.5 (HIGH). The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products d...

How severe is CVE-2010-4577?

CVE-2010-4577 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-4577?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Webkitgtk Webkitgtk, Google Chrome Os, Fedoraproject Fedora, Debian Debian Linux.