Lucene search

MitreCVE-2010-4206

HistoryNov 06, 2010 - 12:00 a.m.

CVE-2010-4206

2010-11-0600:00:03

CWE-787

mitre

web.nvd.nist.gov

cve-2010-4206

webcore

feblend

apply function

webkit

google chrome

denial of service

execute arbitrary code

svg document

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.01

Percentile

83.8%

JSON

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.

Affected configurations

Nvd

Node

googlechromeRange<7.0.517.44

Node

webkitgtkwebkitgtkRange<1.2.6

Node

fedoraprojectfedoraMatch13

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
webkitgtkwebkitgtk*cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
fedoraprojectfedora13cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
webkitgtk	webkitgtk	*	cpe:2.3:a:webkitgtk:webkitgtk::::::::
fedoraproject	fedora	13	cpe:2.3:o:fedoraproject:fedora:13:::::::*