Vulnerability Name: | CVE-2010-4203 (CCN-63011) | ||||||||||||||||||||||||
Assigned: | 2010-11-04 | ||||||||||||||||||||||||
Published: | 2010-11-04 | ||||||||||||||||||||||||
Updated: | 2020-07-31 | ||||||||||||||||||||||||
Summary: | WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | ||||||||||||||||||||||||
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
| ||||||||||||||||||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
2.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
Vulnerability Type: | CWE-190 | ||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
References: | Source: CONFIRM Type: Exploit, Issue Tracking, Mailing List, Vendor Advisory http://code.google.com/p/chromium/issues/detail?id=60055 Source: MITRE Type: CNA CVE-2010-4203 Source: CCN Type: Google Chrome Releases Web site Stable Channel Update Source: CONFIRM Type: Release Notes, Vendor Advisory http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html Source: CONFIRM Type: Broken Link http://review.webmproject.org/gitweb?p=libvpx.git;a=blob;f=CHANGELOG Source: CONFIRM Type: Broken Link http://review.webmproject.org/gitweb?p=libvpx.git;a=commit;h=09bcc1f710ea65dc158639479288fb1908ff0c53 Source: CCN Type: RHSA-2010-0999 Moderate: libvpx security update Source: CCN Type: SA42109 Google Chrome Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 42109 Source: CCN Type: SA42118 libvpx Invalid Frame Memory Corruption Vulnerability Source: SECUNIA Type: Broken Link 42118 Source: SECUNIA Type: Broken Link 42690 Source: SECUNIA Type: Broken Link 42908 Source: GENTOO Type: Third Party Advisory GLSA-201101-03 Source: CCN Type: GLSA-201101-03 libvpx: User-assisted execution of arbitrary code Source: CCN Type: OSVDB ID: 69169 Google Chrome WebM libvpx Unspecified Memory Corruption Source: CCN Type: BID-44646 Google Chrome prior to 7.0.517.44 Multiple Security Vulnerabilities Source: CCN Type: BID-44771 WebM libvpx Unspecified Memory Corruption Vulnerability Source: VUPEN Type: Permissions Required, Third Party Advisory ADV-2011-0115 Source: XF Type: UNKNOWN google-chrome-libvpx-code-execution(63011) Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:12198 Source: REDHAT Type: Third Party Advisory RHSA-2010:0999 | ||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
BACK |