CVE-2010-3812

Published: 22 November 2010

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.

Priority

Medium

Status

Package Release Status
qt4-x11
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(webkit isn't built)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(webkit isn't built)
qtwebkit-source
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(no update available)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [no update available])
webkit
Launchpad, Ubuntu, Debian
Upstream
Released (1.2.6)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

webkitgtk
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.4.9-2ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [2.4.8-1ubuntu1~ubuntu14.04.1])

Notes

AuthorNote
jdstrand
qt4-x11 unmaintained upstream (see README.webkit for details)

References