CVE-2011-0215 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

1.8%

top 17.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJul 21

Latest updateMay 17

Description

ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/safari5.0.5+55

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-4283-h7jw-rq98: ImageIO in Apple Safari before 5↗2022-05-17

▶