CVE-2010-1769Use After Free in Apple Iphone OS

CWE-416Use After FreeCWE-3997 documents3 sources
Severity
10.0CRITICALNVD
NVD9.3
EPSS
5.5%
top 9.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple Itunes
Timeline
PublishedJun 18
Latest updateMay 17

Description

WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDapple/itunes9.0.3+62
NVDapple/iphone_os3.2.1+23

🔴Vulnerability Details

3
GHSA
GHSA-59px-m78w-3rc3: Unspecified vulnerability in WebKit in Apple iTunes before 92022-05-17
GHSA
GHSA-hpch-jc47-w6qm: WebKit in Apple iTunes before 92022-05-17
GHSA
GHSA-3jqw-5j52-c5fj: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 92022-05-02

📋Vendor Advisories

1
Red Hat
WebKit: use-after-free vulnerability in JavaScriptCore during page transitions2010-06-07