CVE-2010-4203

Опубликовано: 06 нояб. 2010

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

Ссылки

http://code.google.com/p/chromium/issues/detail?id=60055
Exploit
Issue Tracking
Mailing List
Vendor Advisory
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Release Notes
Vendor Advisory
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=blob%3Bf=CHANGELOG
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=commit%3Bh=09bcc1f710ea65dc158639479288fb1908ff0c53
http://secunia.com/advisories/42109
Vendor Advisory
http://secunia.com/advisories/42118
Broken Link
http://secunia.com/advisories/42690
Broken Link
http://secunia.com/advisories/42908
Broken Link
http://security.gentoo.org/glsa/glsa-201101-03.xml
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0115
Permissions Required
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12198
Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2010-0999.html
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=60055
Exploit
Issue Tracking
Mailing List
Vendor Advisory
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Release Notes
Vendor Advisory
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=blob%3Bf=CHANGELOG
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=commit%3Bh=09bcc1f710ea65dc158639479288fb1908ff0c53
http://secunia.com/advisories/42109
Vendor Advisory
http://secunia.com/advisories/42118
Broken Link
http://secunia.com/advisories/42690
Broken Link
http://secunia.com/advisories/42908
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Версия до 7.0.517.44 (исключая)

Конфигурация 2

cpe:2.3:a:webmproject:libvpx:*:*:*:*:*:*:*:*

Версия до 0.9.5 (исключая)

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08115

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2010-4203

CVSS3: 9.8

ubuntu

больше 14 лет назад

CVE-2010-4203

redhat

больше 14 лет назад

CVE-2010-4203

CVSS3: 9.8

debian

больше 14 лет назад

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Ch ...

GHSA-v9gv-2chp-hf2r

CVSS3: 9.8

github

около 3 лет назад

ELSA-2010-0999

oracle-oval

больше 14 лет назад

ELSA-2010-0999: libvpx security update (MODERATE)

EPSS

Процентиль: 92%

0.08115

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-190