CVE-2010-3113

2010-08-2420:00:02

CWE-119

mitre

web.nvd.nist.gov

cve-2010-3113

google chrome

webkitgtk

svg

denial of service

memory corruption

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

9.2

Confidence

High

EPSS

0.008

Percentile

81.4%

JSON

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.

Affected configurations

Nvd

Node

googlechromeRange<5.0.375.127

Node

webkitgtkwebkitgtkRange<1.2.5

Node

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
webkitgtkwebkitgtk*cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
canonicalubuntu_linux9.10cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonicalubuntu_linux10.10cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
webkitgtk	webkitgtk	*	cpe:2.3:a:webkitgtk:webkitgtk::::::::
canonical	ubuntu_linux	9.10	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
canonical	ubuntu_linux	10.10	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*