CVE-2010-0659 - Resource Management Errors vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Windows
  NASL id: GOOGLE_CHROME_4_0_249_78.NASL
  description: The version of Google Chrome installed on the remote host is earlier than 4.0.249.78. Such versions are reportedly affected by multiple vulnerabilities:
    - A pop-up blocker bypass. (Issue #3275)
    - Cross-domain theft due to CSS design error. (Issue #9877)
    - Browser memory error with stale pop-up block menu. (Issue #12523)
    - An unspecified error allows XMLHttpRequests to directories. (Issue #20450)
    - An unspecified error exists related to escaping characters in shortcuts. (Issue #23693)
    - Renderer memory errors exist when drawing on canvases. (Issue #8864, #24701, #24646)
    - An image decoding memory error. (Issue #28566)
    - An unspecified error exists that could result in failure to strip
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 44317
  published: 2010-01-26
  reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/44317
  title: Google Chrome < 4.0.249.78 Multiple Vulnerabilities
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_2_LIBWEBKIT-110111.NASL
  description: Various bugs in webkit have been fixed. The CVE id
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 53764
  published: 2011-05-05
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/53764
  title: openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_3_LIBWEBKIT-110104.NASL
  description: Various bugs in webkit have been fixed. The CVE id
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 75629
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/75629
  title: openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
Oval
accepted | 2014-04-07T04:00:42.283-04:00
class | vulnerability
contributors |
definition_extensions |
description | The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
family | windows
id | oval:org.mitre.oval:def:14079
status | accepted
submitted | 2011-11-25T18:05:45.000-05:00
title | The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
version | 52
References
- http://code.google.com/p/chromium/issues/detail?id=28566
- http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://securitytracker.com/id?1023506
- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
- http://trac.webkit.org/changeset/52833
- http://www.vupen.com/english/advisories/2011/0212
- https://bugs.webkit.org/show_bug.cgi?id=33231
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14079