CVE-2010-0041

Safari < 4.0.5 - Information Disclosure via Crafted BMP Image

Title source: llm
STIX 2.1

Description

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

References (13)

Core 13
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38676
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4225
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023706
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39135
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4105
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4070
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38671

Scores

EPSS 0.0252
EPSS Percentile 82.9%

Details

CWE
CWE-200
Status published
Products (6)
apple/safari 4.0
apple/safari 4.0.0b
apple/safari 4.0.1
apple/safari 4.0.2
apple/safari 4.0.3
apple/safari < 4.0.4
Published Mar 15, 2010
Tracked Since Feb 18, 2026