Unrated severityNVD Advisory· Published Sep 10, 2010· Updated Apr 29, 2026

CVE-2010-1807

Description

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Affected products

Apple Inc./Safari12 versions
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*
Webkitgtk/Webkitgtk\+6 versions
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*range: <=1.2.5
- cpe:2.3:a:webkitgtk:webkitgtk:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk:1.2.4:*:*:*:*:*:*:*
Google/Android6 versions
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*range: <=2.1
- cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/43047nvdPatch
lists.apple.com/archives/security-announce/2010//Sep/msg00001.htmlnvdVendor Advisory
secunia.com/advisories/41856nvdVendor Advisory
secunia.com/advisories/43068nvdVendor Advisory
secunia.com/advisories/43086nvdVendor Advisory
support.apple.com/kb/HT4333nvdVendor Advisory
www.vupen.com/english/advisories/2010/2722nvdVendor Advisory
www.vupen.com/english/advisories/2010/3046nvdVendor Advisory
www.vupen.com/english/advisories/2011/0212nvdVendor Advisory
www.vupen.com/english/advisories/2011/0216nvdVendor Advisory
www.vupen.com/english/advisories/2011/0552nvdVendor Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlnvd
lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvd
secunia.com/advisories/42314nvd
support.apple.com/kb/HT4456nvd
trac.webkit.org/changeset/64706nvd
www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attacknvd
www.mandriva.com/security/advisoriesnvd
www.redhat.com/support/errata/RHSA-2011-0177.htmlnvd
www.ubuntu.com/usn/USN-1006-1nvd
bugzilla.redhat.com/show_bug.cginvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.063
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000