CVE-2010-4577

NameCVE-2010-4577
DescriptionThe CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2188-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)wheezy (security), wheezy37.0.2062.120-1~deb7u1fixed
jessie50.0.2661.94-1~deb8u1fixed
jessie (security)52.0.2743.116-1~deb8u1fixed
stretch, sid52.0.2743.116-2fixed
webkit (PTS)wheezy1.8.1-3.4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)6.0.472.63~r59945-4medium
webkitsource(unstable)1.2.7-1medium
webkitsourcesqueeze1.2.7-0+squeeze1mediumDSA-2188-1

Notes

https://bugs.webkit.org/show_bug.cgi?id=49883
http://code.google.com/p/chromium/issues/detail?id=63866
http://trac.webkit.org/changeset/72685

Search for package or bug name: Reporting problems