CVE-2012-3650

MEDIUM

Description

WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

References

http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://support.apple.com/kb/HT5400

http://support.apple.com/kb/HT5503

http://www.securityfocus.com/bid/54703

Details

Source: MITRE

Published: 2012-07-25

Updated: 2013-03-22

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM