CVE-2010-0042

Safari < 4.0.5 - Information Disclosure via Crafted TIFF Image

Title source: llm
STIX 2.1

Description

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

References (16)

Core 16
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4225
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023706
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39135
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38677
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4105
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4070
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42314
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4456
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38671
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Scores

EPSS 0.0252
EPSS Percentile 82.9%

Details

CWE
CWE-200
Status published
Products (6)
apple/safari 4.0
apple/safari 4.0.0b
apple/safari 4.0.1
apple/safari 4.0.2
apple/safari 4.0.3
apple/safari < 4.0.4
Published Mar 15, 2010
Tracked Since Feb 18, 2026