CVE-2011-0170 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Itunes

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-79 — Cross-site Scripting3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

8.0%

top 7.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedMar 3

Latest updateMay 17

Description

Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes10.1.2+64

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-p55r-97rj-vp52: Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10↗2022-05-17

▶

📋Vendor Advisories

Red Hat

Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)↗2011-09-28

▶