CVE-2010-0041 — Sensitive Information Exposure in Apple Safari
Severity
4.3 MEDIUM (NVD)
EPSS
1.2%
top 21.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 15
Latest update: May 2
Description
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
CVSS vector
AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9