Description
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
References (15)
Core 15
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
Release Notes x_refsource_confirm
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
Broken Link, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42648
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=667025
Broken Link, Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0216
Permissions Required x_refsource_misc
https://bugs.webkit.org/show_bug.cgi?id=49883
Broken Link, Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13953
Broken Link, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43086
Exploit, Issue Tracking, Mailing List x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=63866
Broken Link, Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0177.html
Mailing List, Patch x_refsource_misc
http://trac.webkit.org/changeset/72685/trunk/WebCore/css/CSSParser.cpp
Mailing List, Patch x_refsource_misc
http://trac.webkit.org/changeset/72685
Mailing List, Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2188
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45722
Scores
CVSS v3
7.5
EPSS
0.0427
EPSS Percentile
88.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-125
CWE-843
Status
published
Products (6)
debian/debian_linux
6.0
debian/debian_linux
7.0
fedoraproject/fedora
13
google/chrome
< 8.0.552.224
google/chrome_os
< 8.0.552.343
webkitgtk/webkitgtk
< 1.2.6
Published
Dec 22, 2010
Tracked Since
Feb 18, 2026