CVE-2010-0041
Safari < 4.0.5 - Information Disclosure via Crafted BMP Image
Title source: llmDescription
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
References (13)
Core 13
Core References
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38676
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4225
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1023706
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39135
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4105
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4070
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38671
Scores
EPSS
0.0252
EPSS Percentile
82.9%
Details
CWE
CWE-200
Status
published
Products (6)
apple/safari
4.0
apple/safari
4.0.0b
apple/safari
4.0.1
apple/safari
4.0.2
apple/safari
4.0.3
apple/safari
< 4.0.4
Published
Mar 15, 2010
Tracked Since
Feb 18, 2026