Improper input validation in Apple Safari

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of serv…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.786 (99.1th percentile) — read the EPSS interpretation.

Affected products

Apple Safari — versions 5.0.1, 4.1, 4.0
Google Android — versions 1.0, 2.0, 1.5
Webkitgtk — versions 1.2.0, 1.2.3, 1.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

MDVSA-2011:039 (vendor-advisory, x_refsource_MANDRIVA)
product-security@apple.com (x_refsource_CONFIRM)
ADV-2010-2722 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
43068 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
USN-1006-1 (x_refsource_UBUNTU, vendor-advisory)
41856 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
ADV-2011-0212 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
ADV-2010-3046 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
ADV-2011-0216 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
APPLE-SA-2010-09-07-1 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)