CVE-2010-0040

N/A Unknown
Published: March 15, 2010 Modified: April 29, 2026
View on NVD

Description

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
Source: product-security@apple.com
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Source: product-security@apple.com
Vendor Advisory
http://secunia.com/advisories/39135
Source: product-security@apple.com
http://support.apple.com/kb/HT4070
Source: product-security@apple.com
Vendor Advisory
http://support.apple.com/kb/HT4105
Source: product-security@apple.com
http://www.securityfocus.com/bid/38671
Source: product-security@apple.com
Patch
http://www.securityfocus.com/bid/38674
Source: product-security@apple.com
Patch
http://www.securitytracker.com/id?1023706
Source: product-security@apple.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/56826
Source: product-security@apple.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6741
Source: product-security@apple.com
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/39135
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.apple.com/kb/HT4070
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT4105
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/38671
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/bid/38674
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1023706
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/56826
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6741
Source: af854a3a-2127-422b-91ae-364da2661108

20 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
19.8%
95th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-189

Affected Vendors

apple microsoft

Related CVEs

CVE-2026-45218 7.7
CVE-2026-45215 5.3
CVE-2026-45214 8.5
CVE-2026-45213 7.6
CVE-2026-45212 5.3