CVE-2011-3443 — Out-of-bounds Write in Apple Safari

CWE-3993 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedMar 2

Latest updateMay 17

Description

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/safari5.0.5+65

🔴Vulnerability Details

GHSA

GHSA-76h2-gg8c-qx4m: Use-after-free vulnerability in WebKit, as used in Apple Safari before 5↗2022-05-17

▶

OSV

CVE-2011-3443: Use-after-free vulnerability in WebKit, as used in Apple Safari before 5↗2012-03-02

▶