VYPR
High severity 7.5 · NVD Advisory · Published Dec 22, 2010 · Updated Jun 16, 2026

CVE-2010-4577

Description

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products, does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

Affected products

9
  • Google/Chrome (2 versions)
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* (range: <8.0.552.224)
    • (no CPE) (range: <8.0.552.224)
  • cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
    • cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* (range: <1.2.6)
    • (no CPE) (range: <1.2.6)
  • Debian/linux (2 versions)
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
  • Google/ChromeOS (2 versions)
    • cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* (range: <8.0.552.343)
    • (no CPE) (range: <8.0.552.343)

References

15
