Details of VAR-201009-0257

ID

VAR-201009-0257

CVE

CVE-2010-1817

TITLE

iPhone and iPod touch Run on Apple iOS of ImageIO Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2010-002087

DESCRIPTION

Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. Apple iOS for iPhone and iPod touch is prone to a buffer-overflow vulnerability that affects the 'ImageIO' component. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application, or to crash the affected application. This issue affects iOS 2.0 through 4.0.2 for iPhone 3G and later and iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later. NOTE: This issue was previously discussed in BID 43070 (Apple iPhone/iPod touch Prior to iOS 4.1 Multiple Vulnerabilities) but has been given its own record to better document it. ImageIO provides ImageReader and ImageWriter plugins for the Graphics Interchange Format (GIF) image format

Trust: 1.98

sources: NVD: CVE-2010-1817 // JVNDB: JVNDB-2010-002087 // BID: 43080 // VULHUB: VHN-44422

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	4.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	2.0 to 4.0.2 (iphone 3g after )	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	2.1 to 4.0.2 (ipod touch (2nd generation) after )	Trust: 0.8
vendor:	apple	model:	iphone	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	iphone ipad	scope:	eq	version:	3.2.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.2.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.2.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.2-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	4.1	Trust: 0.3

sources: BID: 43080 // JVNDB: JVNDB-2010-002087 // CNNVD: CNNVD-201009-066 // NVD: CVE-2010-1817

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1817
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-1817
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201009-066
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-44422
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-1817
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2010-1817
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-44422
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-44422 // JVNDB: JVNDB-2010-002087 // CNNVD: CNNVD-201009-066 // NVD: CVE-2010-1817

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-44422 // JVNDB: JVNDB-2010-002087 // NVD: CVE-2010-1817

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201009-066

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201009-066

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002087

PATCH

title:	HT4334	url:	http://support.apple.com/kb/HT4334	Trust: 0.8
title:	HT4334	url:	http://support.apple.com/kb/HT4334?viewlocale=ja_JP	Trust: 0.8
title:	Apple iOS ImageIO Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203166	Trust: 0.6

sources: JVNDB: JVNDB-2010-002087 // CNNVD: CNNVD-201009-066

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1817	Trust: 2.8
db:	XF	id:	61697	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-002087	Trust: 0.8
db:	CNNVD	id:	CNNVD-201009-066	Trust: 0.7
db:	BID	id:	43080	Trust: 0.4
db:	VULHUB	id:	VHN-44422	Trust: 0.1

sources: VULHUB: VHN-44422 // BID: 43080 // JVNDB: JVNDB-2010-002087 // CNNVD: CNNVD-201009-066 // NVD: CVE-2010-1817

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//sep/msg00002.html	Trust: 1.7
url:	http://support.apple.com/kb/ht4334	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/61697	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1817	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/61697	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu407599	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1817	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-44422 // BID: 43080 // JVNDB: JVNDB-2010-002087 // CNNVD: CNNVD-201009-066 // NVD: CVE-2010-1817

CREDITS

Tom Ferris of Adobe PSIRT

Trust: 0.3

sources: BID: 43080

SOURCES

db:	VULHUB	id:	VHN-44422
db:	BID	id:	43080
db:	JVNDB	id:	JVNDB-2010-002087
db:	CNNVD	id:	CNNVD-201009-066
db:	NVD	id:	CVE-2010-1817

LAST UPDATE DATE

2024-11-23T22:14:20.934000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-44422	date:	2018-11-16T00:00:00
db:	BID	id:	43080	date:	2010-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2010-002087	date:	2010-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201009-066	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2010-1817	date:	2024-11-21T01:15:15.500

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-44422	date:	2010-09-09T00:00:00
db:	BID	id:	43080	date:	2010-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2010-002087	date:	2010-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201009-066	date:	2010-09-13T00:00:00
db:	NVD	id:	CVE-2010-1817	date:	2010-09-09T22:00:01.920