VDB
CVE-2010-4577
CVE-2010-4577
PUBLISHED
CVSS 7.5 HIGH
Reported by mitre · Published December 22, 2010
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Exploit Intelligence
- http://code.google.com/p/chromium/issues/detail?id=63866 (nist-nvd)
- Konqueror 4.7.3 Memory Corruption (0day-today)
Timeline
- Dec 22, 2010 CVE Published
- Oct 31, 2012 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- FEDORA-2011-0121 vendor-advisoryx_refsource_FEDORA
- x_refsource_CONFIRM
- 42648 third-party-advisoryx_refsource_SECUNIA
- x_refsource_CONFIRM
- ADV-2011-0216 vdb-entryx_refsource_VUPEN
- x_refsource_MISC
- oval:org.mitre.oval:def:13953 vdb-entrysignaturex_refsource_OVAL
- 43086 third-party-advisoryx_refsource_SECUNIA
- x_refsource_CONFIRM
- RHSA-2011:0177 vendor-advisoryx_refsource_REDHAT
- x_refsource_MISC
- x_refsource_MISC
- DSA-2188 vendor-advisoryx_refsource_DEBIAN
- GLSA-201012-01 vendor-advisoryx_refsource_GENTOO
- 45722 vdb-entryx_refsource_BID