CVE-2010-3116 — Use After Free in Apple Iphone OS

CWE-416 — Use After Free5 documents4 sources

Severity

10.0CRITICALNVD

EPSS

10.4%

top 6.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Google Chrome +2 more

Timeline

PublishedAug 24

Latest updateMay 13

Description

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDapple/safari5.0 — 5.0.3+1

▶NVDgoogle/chrome< 5.0.375.127

▶NVDwebkitgtk/webkitgtk< 1.2.6

▶NVDapple/iphone_os< 4.2

Also affects: Ubuntu Linux 10.04, 10.10, 9.10

🔴Vulnerability Details

GHSA

GHSA-r86w-r23c-j68w: Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4↗2022-05-13

▶

📋Vendor Advisories

Red Hat

webkit: memory corruption with MIME types↗2010-08-19

▶

💬Community

Bugzilla

CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259 webkitgtk various flaws [fedora-all]↗2010-10-05

▶

Bugzilla

CVE-2010-3116 webkit: memory corruption with MIME types↗2010-10-05

▶