Vulnerability Name:

CVE-2010-1822 (CCN-61903)

Assigned:2010-09-17
Published:2010-09-17
Updated:2020-08-03
Summary:WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-704
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: Exploit, Issue Tracking, Mailing List, Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=55114

Source: MITRE
Type: CNA
CVE-2010-1822

Source: CCN
Type: Google Chrome Releases Web site
Stable, Beta Channel Updates

Source: CONFIRM
Type: Release Notes, Vendor Advisory
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html

Source: APPLE
Type: Mailing List, Vendor Advisory
APPLE-SA-2010-11-18-1

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2010-11-22-1

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SR:2011:002

Source: CCN
Type: SA42314
Apple iOS Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link
42314

Source: SECUNIA
Type: Broken Link
43068

Source: CCN
Type: Apple KB HT4455
About the security content of Safari 5.0.3 and Safari 4.1.3

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT4455

Source: CCN
Type: Apple Web site
About the security content of iOS 4.2

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT4456

Source: CCN
Type: OSVDB ID: 68365
Google Chrome WebKit Variable Casting Weakness Malformed SVG Document Handling Unspecified Issue

Source: CCN
Type: BID-44647
Webkit SVG Document CVE-2010-1822 Remote Denial of Service Vulnerability

Source: VUPEN
Type: Broken Link, Vendor Advisory
ADV-2010-3046

Source: VUPEN
Type: Broken Link, Vendor Advisory
ADV-2011-0212

Source: CONFIRM
Type: Permissions Required, Vendor Advisory
https://bugs.webkit.org/show_bug.cgi?id=45562

Source: XF
Type: UNKNOWN
google-chrome-cast-svg-ce(61903)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:6691

Source: SUSE
Type: SUSE-SR:2011:002
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version < 4.1.3)
  • OR cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version >= 5.0 and < 5.0.3)
  • OR cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 6.0.472.62)

    • Configuration 2:
  • cpe:/o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*
  • OR cpe:/a:apple:safari:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:4.0.249.78:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:4.0.249.89:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:4.1.249.1042:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:4.1.249.1036:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:4.1.249.1045:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:4.1.249.1059:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:4.1.249.1064:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:5.0.375.55:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:ios:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:6.0.472.55:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:6.0.472.53:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*
  • OR cpe:/o:apple:ios:4.0.1:-:ipodtouch:*:*:*:*:*
  • OR cpe:/o:apple:ios:4.0:-:ipodtouch:*:*:*:*:*
  • AND
  • cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
  • OR cpe:/h:apple:ipad:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20101822
    V
    		CVE-2010-1822
    2015-11-16
    oval:org.mitre.oval:def:6691
    V
    		Google Chrome WebKit Variable Casting Weakness Malformed SVG Document Handling Unspecified Issue
    2013-08-12
    BACK
    apple safari *
    apple safari *
    google chrome *
    opensuse opensuse 11.2
    opensuse opensuse 11.3
    apple iphone os 2.0.0 -
    apple iphone os 2.0.1
    apple iphone os 2.0.1 -
    apple iphone os 2.0.2
    apple iphone os 2.0.2 -
    apple safari 4.0
    apple safari 4.0.1
    apple iphone os 2.1
    apple iphone os 2.0
    apple iphone os 3.0
    apple safari 4.0.2
    apple safari 4.0.3
    apple safari 4.0.4
    apple iphone os 3.1
    apple iphone os 3.1.2
    apple iphone os 3.1.3
    google chrome 4.0.249.78
    google chrome 4.0.249.89
    apple safari 4.0.5
    google chrome 4.1.249.1042
    google chrome 4.1.249.1036
    google chrome 4.1.249.1045
    google chrome 4.1.249.1059
    google chrome 4.1.249.1064
    apple safari 4.1
    apple safari 5.0
    google chrome 5.0.375.55
    apple iphone os 4.0
    apple iphone os 4.0.1
    apple safari 5.0.1
    google chrome 6.0.472.55
    google chrome 6.0.472.53
    apple safari 5.0.2
    apple iphone os 2.1 -
    apple iphone os 3.0 -
    apple iphone os 3.1.2 -
    apple iphone os 3.1 -
    apple iphone os 4.0.1 -
    apple iphone os 4.0 -
    apple mac os x 10.4.11
    apple mac os x server 10.4.11
    apple mac os x 10.5.8
    apple mac os x server 10.5.8
    apple ipad *
    apple mac os x server 10.6.4
    apple mac os x 10.6.4