Unrated severityNVD Advisory· Published Mar 15, 2010· Updated Apr 29, 2026

CVE-2010-0042

Description

ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

Affected products

Apple Inc./Safari6 versions
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=4.0.4
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/38671nvdPatch
www.securityfocus.com/bid/38677nvdPatch
lists.apple.com/archives/security-announce/2010/Mar/msg00000.htmlnvdVendor Advisory
support.apple.com/kb/HT4070nvdVendor Advisory
lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlnvd
lists.apple.com/archives/security-announce/2010//Mar/msg00003.htmlnvd
lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlnvd
lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlnvd
secunia.com/advisories/39135nvd
secunia.com/advisories/42314nvd
support.apple.com/kb/HT4077nvd
support.apple.com/kb/HT4105nvd
support.apple.com/kb/HT4225nvd
support.apple.com/kb/HT4456nvd
www.securitytracker.com/idnvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000