CVE-2010-0659

Description

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

Affected products

• Apple / webkitr53524
• Google / Chrome4.0.249.78
• Google / Chrome0.2.149.27 – 0.2.149.27
• Google / Chrome0.2.149.29 – 0.2.149.29
• Google / Chrome0.2.149.30 – 0.2.149.30
• Google / Chrome0.2.152.1 – 0.2.152.1
• Google / Chrome0.2.153.1 – 0.2.153.1
• Google / Chrome0.3.154.0 – 0.3.154.0
• Google / Chrome0.3.154.3 – 0.3.154.3
• Google / Chrome0.4.154.18 – 0.4.154.18
• Google / Chrome0.4.154.22 – 0.4.154.22
• Google / Chrome0.4.154.31 – 0.4.154.31
• Google / Chrome0.4.154.33 – 0.4.154.33
• Google / Chrome1.0.154.36 – 1.0.154.36
• Google / Chrome1.0.154.39 – 1.0.154.39
• Google / Chrome1.0.154.42 – 1.0.154.42
• Google / Chrome1.0.154.43 – 1.0.154.43
• Google / Chrome1.0.154.46 – 1.0.154.46
• Google / Chrome1.0.154.48 – 1.0.154.48
• Google / Chrome1.0.154.52 – 1.0.154.52
• Google / Chrome1.0.154.53 – 1.0.154.53
• Google / Chrome1.0.154.59 – 1.0.154.59
• Google / Chrome1.0.154.65 – 1.0.154.65
• Google / Chrome2.0.156.1 – 2.0.156.1
• Google / Chrome2.0.157.0 – 2.0.157.0
• Google / Chrome2.0.157.2 – 2.0.157.2
• Google / Chrome2.0.158.0 – 2.0.158.0
• Google / Chrome2.0.159.0 – 2.0.159.0
• Google / Chrome2.0.169.0 – 2.0.169.0
• Google / Chrome2.0.169.1 – 2.0.169.1
• Google / Chrome2.0.170.0 – 2.0.170.0
• Google / Chrome2.0.172 – 2.0.172
• Google / Chrome2.0.172.2 – 2.0.172.2
• Google / Chrome2.0.172.8 – 2.0.172.8
• Google / Chrome2.0.172.27 – 2.0.172.27
• Google / Chrome2.0.172.28 – 2.0.172.28
• Google / Chrome2.0.172.30 – 2.0.172.30
• Google / Chrome2.0.172.31 – 2.0.172.31
• Google / Chrome2.0.172.33 – 2.0.172.33
• Google / Chrome2.0.172.37 – 2.0.172.37
• Google / Chrome2.0.172.38 – 2.0.172.38
• Google / Chrome3.0.182.2 – 3.0.182.2
• Google / Chrome3.0.190.2 – 3.0.190.2
• Google / Chrome3.0.193.2 – 3.0.193.2
• Google / Chrome3.0.195.21 – 3.0.195.21
• Google / Chrome3.0.195.24 – 3.0.195.24
• Google / Chrome3.0.195.32 – 3.0.195.32
• Google / Chrome3.0.195.33 – 3.0.195.33
• Google / Chrome4.0.244.0 – 4.0.244.0

References

• MISChttp://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/43068
• MISChttp://trac.webkit.org/changeset/52833
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0212
• MISChttps://bugs.webkit.org/show_bug.cgi?id=33231
• MISChttp://securitytracker.com/id?1023506
• MISChttp://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
• MISChttp://code.google.com/p/chromium/issues/detail?id=28566
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14079