WebKit Image Decoder Memory Allocation Vulnerability in Google Chrome
CVE-2010-0659

Currently unrated

Key Information:

Vendor: Apple
Status: Webkit; Chrome
Vendor: CVE Published:; 18 February 2010

Summary

A security flaw exists in the image decoder of WebKit, utilized by Google Chrome prior to version 4.0.249.78. This vulnerability arises from improper handling of memory allocation failures, allowing remote attackers to manipulate the browser's sandbox environment. By crafting a malformed GIF file that specifies an excessively large size, attackers can execute arbitrary code, potentially compromising user systems. This issue is critical for users of outdated versions of Chrome and requires prompt attention to mitigate risks.

References

http://googlechromereleases.blogspot.com/2010/01/stable-c...

x_refsource_CONFIRM

http://secunia.com/advisories/43068

third-party-advisoryx_refsource_SECUNIA

http://trac.webkit.org/changeset/52833

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 18, 2010
Vulnerability Reserved
Feb 18, 2010