CVE-2010-0041

2010-03-1513:28:25

CWE-200

[email protected]

web.nvd.nist.gov

cve-2010-0041

imageio

apple safari

itunes

windows

memory access

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.4%

JSON

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

Affected configurations

NVD

Node

applesafariRange≤4.0.4

applesafariMatch4.0

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

AND

microsoftwindows

CPENameOperatorVersion
apple:safariapple safarile4.0.4
apple:safariapple safarieq4.0
apple:safariapple safarieq4.0.0b
apple:safariapple safarieq4.0.1
apple:safariapple safarieq4.0.2
apple:safariapple safarieq4.0.3

CPE	Name	Operator	Version
apple:safari	apple safari	le	4.0.4
apple:safari	apple safari	eq	4.0
apple:safari	apple safari	eq	4.0.0b
apple:safari	apple safari	eq	4.0.1
apple:safari	apple safari	eq	4.0.2
apple:safari	apple safari	eq	4.0.3