CVE-2010-0040Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari

CWE-1893 documents3 sources
Severity
9.3CRITICALNVD
EPSS
19.8%
top 4.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedMar 15
Latest updateMay 2

Description

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapple/safari4.0.4+5

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-qpvq-h769-rrw8: Integer overflow in ColorSync in Apple Safari before 42022-05-02

💬Community

1
Bugzilla
CVE-2010-1679 dpkg: directory traversal flaw allows for arbitrary file creation2011-01-12