The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in
WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before
8.0.552.343, webkitgtk before 1.2.6, and other products does not properly
parse Cascading Style Sheets (CSS) token sequences, which allows remote
attackers to cause a denial of service (out-of-bounds read) via a crafted
local font, related to “Type Confusion.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | chromium-browser | < 8.0.552.224~r68599-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | chromium-browser | < 8.0.552.224~r68599-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | chromium-browser | < 8.0.552.224~r68599-0ubuntu1 | UNKNOWN |
ubuntu | 10.04 | noarch | webkit | < 1.2.7-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | webkit | < 1.2.7-0ubuntu0.10.10.1 | UNKNOWN |