CVE-2010-4203
libvpx: memory corruption flaw
Public Exploits: 1
Exploited in Wild: -
Descriptions
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
Timothy B. Terriberry discovered that libvpx contains an integer overflow vulnerability in the processing of video streams that may allow user-assisted execution of arbitrary code.
libvpx is vulnerable to an integer overflow vulnerability when processing crafted VP8 video streams. Versions less than 0.9.5 are affected.
Timeline
- 2010-11-05 CVE Reserved
- 2010-11-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-05-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
References (13)
URL | Tag |
---|---|
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=blob%3Bf=CHANGELOG | X_refsource_confirm |
http://review.webmproject.org/gitweb?p=libvpx.git%3Ba=commit%3Bh=09bcc1f710ea65dc158639479288fb1908ff0c53 | X_refsource_confirm |
http://secunia.com/advisories/42118 | Broken Link |
http://secunia.com/advisories/42690 | Broken Link |
http://secunia.com/advisories/42908 | Broken Link |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12198 | Signature |
URL | Date |
---|---|
http://code.google.com/p/chromium/issues/detail?id=60055 | 2024-08-07 |
URL | Date |
---|---|
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html | 2023-11-07 |
http://secunia.com/advisories/42109 | 2023-11-07 |
http://security.gentoo.org/glsa/glsa-201101-03.xml | 2023-11-07 |
https://rhn.redhat.com/errata/RHSA-2010-0999.html | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2010-4203 | 2010-12-20 |
https://bugzilla.redhat.com/show_bug.cgi?id=651213 | 2010-12-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Google | Chrome | < 7.0.517.44 | - | Affected |
Webmproject | Libvpx | < 0.9.5 | - | Affected |
Redhat | Enterprise Linux Desktop | 6.0 | - | Affected |
Redhat | Enterprise Linux Server | 6.0 | - | Affected |
Redhat | Enterprise Linux Workstation | 6.0 | - | Affected |