Vulnerability Name:

CVE-2010-4040 (CCN-62671)

Assigned:2010-10-19
Published:2010-10-19
Updated:2020-07-31
Summary:Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: Exploit, Issue Tracking, Mailing List, Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=54500

Source: MITRE
Type: CNA
CVE-2010-4040

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update

Source: CONFIRM
Type: Release Notes, Vendor Advisory
http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html

Source: CCN
Type: DSA 2188-1
webkit security update

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SR:2011:002

Source: CCN
Type: SA41888
Google Chrome Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link
41888

Source: SECUNIA
Type: Broken Link
43068

Source: CCN
Type: SA43688
Debian webkit Multiple Vulnerabilities

Source: DEBIAN
Type: Third Party Advisory
DSA-2188

Source: DEBIAN
Type: DSA-2188
webkit -- several vulnerabilities

Source: MANDRIVA
Type: Broken Link
MDVSA-2011:039

Source: CCN
Type: OSVDB ID: 68841
Google Chrome Crafted Animated GIF Handling Memory Corruption

Source: BID
Type: Third Party Advisory, VDB Entry
44241

Source: CCN
Type: BID-44241
Google Chrome prior to 7.0.517.41 Multiple Security Vulnerabilities

Source: VUPEN
Type: Not Applicable
ADV-2010-2731

Source: VUPEN
Type: Not Applicable
ADV-2011-0212

Source: VUPEN
Type: Not Applicable
ADV-2011-0552

Source: XF
Type: UNKNOWN
google-chrome-gifs-code-execution(62671)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:7646

Source: SUSE
Type: SUSE-SR:2011:002
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 7.0.517.41)

  • Configuration 2:
  • cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:opensuse:opensuse:*:*:*:*:*:*:*:* (Version >= 11.2 and <= 11.3)

  • Configuration CCN 1:
  • cpe:/a:google:chrome:6.0.472.55:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:6.0.472.53:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:6.0.472.59:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:6.0.472.62:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:26127
    P
    Security update for postgresql12 (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:20104040
    V
    CVE-2010-4040
    2021-08-15
    oval:org.opensuse.security:def:36502
    P
    libwebkit-1_0-2-1.2.7-0.17.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26063
    P
    Security update for dhcp (Important)
    2021-06-01
    oval:org.opensuse.security:def:26051
    P
    Security update for djvulibre (Important)
    2021-05-19
    oval:org.opensuse.security:def:26052
    P
    Security update for graphviz (Critical)
    2021-05-19
    oval:org.opensuse.security:def:26730
    P
    krb5-doc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27465
    P
    libneon-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26477
    P
    Security update for phpMyAdmin (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26769
    P
    libsoup-2_4-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26255
    P
    Security update for libqt4 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27500
    P
    libwebkit-1_0-2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26628
    P
    perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26783
    P
    mipv6d on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26336
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:26681
    P
    curl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26827
    P
    sysstat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26393
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.mitre.oval:def:12384
    P
    DSA-2188-1 webkit -- several
    2014-07-21
    oval:org.mitre.oval:def:14173
    P
    USN-1195-1 -- webkit vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:7646
    V
    Google Chrome before 7.0.517.41 does not properly handle animated GIF images
    2013-08-12
    BACK
    google chrome *
    debian debian linux 6.0
    debian debian linux 7.0
    opensuse opensuse *
    google chrome 6.0.472.55
    google chrome 6.0.472.53
    google chrome 6.0.472.59
    google chrome 6.0.472.62