CVE-2010-0659

Currently unrated

Key Information:

Vendor: Apple
Status: Webkit; Chrome
Vendor: CVE Published:; 18 February 2010

Summary

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

References

http://googlechromereleases.blogspot.com/2010/01/stable-c...

x_refsource_CONFIRM

http://secunia.com/advisories/43068

third-party-advisoryx_refsource_SECUNIA

http://trac.webkit.org/changeset/52833

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 18, 2010
Vulnerability Reserved
Feb 18, 2010