Fluid Attacks Database

Description

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	webkitgtk	<0:1.2.6-2.el6_0	0:1.2.6-2.el6_0

Aliases

1. CVE-2010-18072. NVD-2010-18073. OSV-2010-1807

References

1. https://www.exploit-db.com/exploits/15548

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.