Vulnerabilities > Webkitgtk

DATE CVE VULNERABILITY TITLE RISK
2010-12-22 CVE-2010-4577 Type Confusion vulnerability in multiple products
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
network
low complexity
webkitgtk google fedoraproject debian CWE-843
7.5
7.5
2010-11-06 CVE-2010-4206 Out-of-bounds Write vulnerability in multiple products
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
network
low complexity
google webkitgtk fedoraproject CWE-787
8.8
8.8
2010-11-06 CVE-2010-4204 WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google webkitgtk fedoraproject
critical
 9.8
9.8
2010-11-06 CVE-2010-4198 Improper Input Validation vulnerability in multiple products
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.
network
low complexity
google webkitgtk fedoraproject CWE-20
8.8
8.8
2010-11-06 CVE-2010-4197 Use After Free vulnerability in multiple products
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
network
low complexity
google webkitgtk fedoraproject CWE-416
critical
 9.8
9.8