← back
CVE-2010-4577

CVE-2010-4577

CVSS 7.5 HIGHEPSS 2.2%CWE-125CWE-843
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 2.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
22 Dec 2010Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://code.google.com/p/chromium/issues/detail?id=63866http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.htmlhttps://bugs.webkit.org/show_bug.cgi?id=49883https://bugzilla.redhat.com/show_bug.cgi?id=667025http://secunia.com/advisories/42648http://secunia.com/advisories/43086https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953http://trac.webkit.org/changeset/72685http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpphttp://www.debian.org/security/2011/dsa-2188http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml