CVE-2010-1824 — Use After Free in Apple Itunes

CWE-416 — Use After Free4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

14.7%

top 5.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes Google Chrome Webkitgtk

Timeline

PublishedSep 24

Latest updateMay 13

Description

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDapple/itunes< 10.2

▶NVDgoogle/chrome< 6.0.472.59

▶Ubuntuwebkitgtk/webkitgtk< 2.4.8-1ubuntu1~ubuntu14.04.1+1

🔴Vulnerability Details

GHSA

GHSA-j66m-f2pj-cwr3: Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10↗2022-05-13

▶

OSV

CVE-2010-1824: Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10↗2010-09-24

▶

📋Vendor Advisories

Ubuntu

WebKit vulnerabilities↗2011-08-23

▶