Lucene search

AppleCVE-2010-1811

HistorySep 09, 2010 - 10:00 p.m.

CVE-2010-1811

2010-09-0922:00:01

CWE-119

apple

web.nvd.nist.gov

cve-2010-1811

imageio

apple ios

remote attackers

arbitrary code

denial of service

memory corruption

application crash

tiff file

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.2

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.

Affected configurations

Nvd

Node

appleiphone_osRange<4.1

AND

appleipod_touchMatch-

appleiphone_osMatch-

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipod_touch-cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*
appleiphone_os-cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipod_touch	-	cpe:2.3:h:apple:ipod_touch:-:::::::*
apple	iphone_os	-	cpe:2.3:o:apple:iphone_os:-:::::::*

References

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

lists.apple.com/archives/security-announce/2010//Sep/msg00002.html

secunia.com/advisories/42314

support.apple.com/kb/HT4334

support.apple.com/kb/HT4435

support.apple.com/kb/HT4456

exchange.xforce.ibmcloud.com/vulnerabilities/61696

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.2

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

Related for CVE-2010-1811