PT-2010-5544 · Google · Chrome Os
Huzaifa S. Sidhpurwala · Published 2010-12-22 · Updated 2025-01-21
CVE-2010-4577
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
WebKit versions prior to 8.0.552.224
Google Chrome versions prior to 8.0.552.224
Chrome OS versions prior to 8.0.552.343
webkitgtk versions prior to 1.2.6
Description
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
Recommendations
For WebKit versions prior to 8.0.552.224, update to version 8.0.552.224 or later.
For Google Chrome versions prior to 8.0.552.224, update to version 8.0.552.224 or later.
For Chrome OS versions prior to 8.0.552.343, update to version 8.0.552.343 or later.
For webkitgtk versions prior to 1.2.6, update to version 1.2.6 or later.
Exploit
Fix
DoS
Out of bounds Read
Type Confusion
Related Identifiers
Affected Products
Chrome Os
Google Chrome
Red Hat
Webkit
Webkitgtk