Heap-Based Buffer Overflow in Apple Safari Products
CVE-2011-0241

Currently unrated

Key Information:

Vendor: Apple
Status: Imageio; Safari
Vendor: CVE Published:; 21 July 2011

Summary

A vulnerability in Apple Safari allows remote attackers to exploit a heap-based buffer overflow through specially crafted TIFF images encoded with CCITT Group 4. This could lead to arbitrary code execution or cause an application crash, raising significant security concerns for users of affected versions prior to 5.0.6.

References

http://support.apple.com/kb/HT5130

x_refsource_CONFIRM

http://lists.apple.com/archives/Security-announce/2011//O...

vendor-advisoryx_refsource_APPLE

http://lists.apple.com/archives/security-announce/2012/Fe...

vendor-advisoryx_refsource_APPLE

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 21, 2011
Vulnerability Reserved
Dec 23, 2010