CVE-2010-0042

2010-03-1513:28:25

CWE-200

[email protected]

web.nvd.nist.gov

imageio

apple

safari

itunes

windows

remote attackers

sensitive information

tiff

cve-2010-0042

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

Affected configurations

NVD

Node

applesafariRange≤4.0.4

applesafariMatch4.0

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

AND

microsoftwindows

CPENameOperatorVersion
apple:safariapple safarile4.0.4
apple:safariapple safarieq4.0
apple:safariapple safarieq4.0.0b
apple:safariapple safarieq4.0.1
apple:safariapple safarieq4.0.2
apple:safariapple safarieq4.0.3

CPE	Name	Operator	Version
apple:safari	apple safari	le	4.0.4
apple:safari	apple safari	eq	4.0
apple:safari	apple safari	eq	4.0.0b
apple:safari	apple safari	eq	4.0.1
apple:safari	apple safari	eq	4.0.2
apple:safari	apple safari	eq	4.0.3