CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
93.4%
Off-by-one error in the
_web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit
in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows
remote attackers to cause a denial of service (browser crash) via a
JavaScript alert call with an argument that lacks breakable characters and
has a length that is a multiple of the memory page size, leading to an
out-of-bounds read.
Author | Note |
---|---|
mdeslaur | looks like a safari bug (code not present in webkit) |