| ID |
CVE-2008-2322
|
| Summary |
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
-
cpe:2.3:a:apple:coregraphics:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:coregraphics:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 08-08-2017 - 01:30) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-189 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| apple | APPLE-SA-2008-07-31 | | bid | | | idefense | 20080731 Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability | | sectrack | 1020604 | | secunia | 31326 | | vupen | ADV-2008-2268 | | xf | macosx-coregraphics-pdf-bo(44128) |
|
| Last major update |
08-08-2017 - 01:30 |
| Published |
04-08-2008 - 01:41 |
| Last modified |
08-08-2017 - 01:30 |
