CVE-2011-1804 Information

Description

rendering/RenderBox.cpp in WebCore in WebKit before r86862 as used in Google Chrome before 11.0.696.71 does not properly render floats which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \stale pointer.\

Reference

http://code.google.com/p/chromium/issues/detail?id=82546 http://codereview.chromium.org/7050016 http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html http://trac.webkit.org/changeset/86862 http://www.securityfocus.com/bid/47965 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A13992