CVE-2010-4577 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-4577 PUBLISHED CVSS 7.5 HIGH

Reported by mitre · Published December 22, 2010

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a

Timeline

Dec 22, 2010 CVE Published
Oct 31, 2012 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

FEDORA-2011-0121 vendor-advisoryx_refsource_FEDORA
x_refsource_CONFIRM
42648 third-party-advisoryx_refsource_SECUNIA
x_refsource_CONFIRM
ADV-2011-0216 vdb-entryx_refsource_VUPEN
x_refsource_MISC
oval:org.mitre.oval:def:13953 vdb-entrysignaturex_refsource_OVAL
43086 third-party-advisoryx_refsource_SECUNIA
x_refsource_CONFIRM
RHSA-2011:0177 vendor-advisoryx_refsource_REDHAT
x_refsource_MISC
x_refsource_MISC
DSA-2188 vendor-advisoryx_refsource_DEBIAN
GLSA-201012-01 vendor-advisoryx_refsource_GENTOO
45722 vdb-entryx_refsource_BID

Open in Interactive Console →