CVE-2010-0042
Safari < 4.0.5 - Information Disclosure via Crafted TIFF Image
Title source: llmDescription
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
References (16)
Core 16
Core References
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4225
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1023706
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39135
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38677
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4105
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4070
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42314
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4456
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38671
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Scores
EPSS
0.0252
EPSS Percentile
82.9%
Details
CWE
CWE-200
Status
published
Products (6)
apple/safari
4.0
apple/safari
4.0.0b
apple/safari
4.0.1
apple/safari
4.0.2
apple/safari
4.0.3
apple/safari
< 4.0.4
Published
Mar 15, 2010
Tracked Since
Feb 18, 2026