CVE-2010-0043

🟠 Łataj w tym tygodniu

Błąd w ImageIO w Safari i iTunes umożliwia zdalne wykonanie kodu przez złośliwy obraz TIFF.

CVSS

9.3

EPSS

16.2%

Exploit

none

Vendor

apple

Opis źródłowy (NVD)

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

dos Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.3
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	16.2%
Opublikowano (NVD)	2010-03-15 13:28:25 UTC
Ostatnia modyfikacja (NVD)	2026-04-29 01:13:23 UTC

Referencje

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html (product-security@apple.com)
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html (product-security@apple.com)
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html (product-security@apple.com)
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html (product-security@apple.com) [Vendor Advisory]
http://secunia.com/advisories/39135 (product-security@apple.com)
http://support.apple.com/kb/HT4070 (product-security@apple.com) [Vendor Advisory]
http://support.apple.com/kb/HT4077 (product-security@apple.com)
http://support.apple.com/kb/HT4105 (product-security@apple.com)
http://support.apple.com/kb/HT4225 (product-security@apple.com)
http://www.securityfocus.com/bid/38671 (product-security@apple.com) [Patch]
http://www.securityfocus.com/bid/38673 (product-security@apple.com) [Patch]
http://www.securitytracker.com/id?1023706 (product-security@apple.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6901 (product-security@apple.com)