Unrated severityNVD Advisory· Published Mar 15, 2010· Updated Apr 29, 2026

CVE-2010-0041

Description

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

Affected products

Apple Inc./Safari6 versions
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=4.0.4
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/38671nvdPatch
www.securityfocus.com/bid/38676nvdPatch
lists.apple.com/archives/security-announce/2010/Mar/msg00000.htmlnvdVendor Advisory
support.apple.com/kb/HT4070nvdVendor Advisory
lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlnvd
lists.apple.com/archives/security-announce/2010//Mar/msg00003.htmlnvd
lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlnvd
secunia.com/advisories/39135nvd
support.apple.com/kb/HT4077nvd
support.apple.com/kb/HT4105nvd
support.apple.com/kb/HT4225nvd
www.securitytracker.com/idnvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6885nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000