CVE-2010-3113

Google Chrome < 5.0.375.127 - Memory Corruption via SVG Document State Handling

Title source: llm
STIX 2.1

Description

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.

References (14)

Core 14
Core References
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Patch, Third Party Advisory x_refsource_confirm
http://trac.webkit.org/changeset/63865
Issue Tracking, Third Party Advisory x_refsource_confirm
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=628032
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2722
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1006-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41856
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0216
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=49596
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44199
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43086
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0177.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0552

Scores

EPSS 0.0290
EPSS Percentile 85.3%

Details

CWE
CWE-119
Status published
Products (5)
canonical/ubuntu_linux 9.10
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
google/chrome < 5.0.375.127
webkitgtk/webkitgtk < 1.2.5
Published Aug 24, 2010
Tracked Since Feb 18, 2026