var-201008-0309
Vulnerability from variot
Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file. Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability that affects 'Preview.app' in the CoreGraphics component. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following: Mac OS X 10.5.8 Mac OS X Server 10.5.8 Mac OS X 10.6.4 Mac OS X Server 10.6.4. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/
Apple CoreGraphics (Preview) Memory Corruption when parsing PDF files CVE-2010-1801
INTRODUCTION
Apple Preview.app is the default application used in Apple MacOS systems in order to visualize PDF files and does not properly parse PDF files, which leads to memory corruption when opening a malformed file with an invalid size on JBIG2 structure at offset 0x2C1 as in PoC Repro1.pdf or offset 0x2C5 as in PoC Repro2.pdf (both values trigger the same vulnerability).
This problem was confirmed in the following versions of Apple Preview and MacOS, other versions may be also affected.
The problem is triggered by PoCs available to interested parts which causes invalid memory access in all the refered versions.
DETAILS
Changing offset 0x2C1:
0xdee8600 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3764>: xor %esi,%esi 0xdee8602 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3766>: mov -0x7c(%ebp),%edx 0xdee8605 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3769>: mov -0x118(%ebp),%eax 0xdee860b <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3775>: mov -0x7c(%ebp),%ecx 0xdee860e <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3778>: inc %edx 0xdee860f <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3779>: cmp 0x8(%eax),%ecx 0xdee8612 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3782>: jae 0xdee861a <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3790> 0xdee8614 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3784>: mov 0xc(%eax),%eax 0xdee8617 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3787>: mov %esi,(%eax,%edi,1) <----- Crash
(gdb) i r $esi $eax $edi esi 0xc79e860 209315936 eax 0x0 0 edi 0x0 0
(gdb) bt
0 0x0dee8617 in JBIG2Stream::readSymbolDictSeg ()
1 0x0dee4f0f in JBIG2Stream::readSegments ()
2 0x0dee4b5e in JBIG2Stream::reset ()
3 0x0dee499b in read_bytes ()
4 0x96d33f32 in jbig2_filter_refill ()
5 0x96a4b56c in CGPDFSourceRefill ()
6 0x96a4b402 in CGPDFSourceRead ()
Changing offset 0x2C5:
0xdeb52dc <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2960>: inc %esp 0xdeb52dd <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2961>: and $0x4,%al 0xdeb52df <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2963>: add %al,(%eax) 0xdeb52e1 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2965>: add %al,(%eax) 0xdeb52e3 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2967>: mov %edx,(%esp) 0xdeb52e6 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2970>: call 0xdeb2a96 <_ZN11JBIG2Stream17readGenericBitmapEiiiiiiP11JBIG2BitmapPiS2_i> 0xdeb52eb <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2975>: mov -0x94(%ebp),%ecx 0xdeb52f1 <_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2981>: mov %eax,(%ecx) <----- Crash
(gdb) i r $eax $ecx eax 0xc79b640 209303104 ecx 0x0 0
(gdb) bt
0 0x0deb52f1 in JBIG2Stream::readSymbolDictSeg ()
1 0x0deb1f0f in JBIG2Stream::readSegments ()
2 0x0deb1b5e in JBIG2Stream::reset ()
3 0x0deb199b in read_bytes ()
4 0x96d33f32 in jbig2_filter_refill ()
5 0x96a4b56c in CGPDFSourceRefill ()
6 0x96a4b402 in CGPDFSourceRead ()
7 0x96aa3c8f in CGAccessSessionGetChunks ()
CREDITS
This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).
Best Regards,
Rodrigo.
-- Rodrigo Rubira Branco Senior Security Researcher Vulnerability Discovery Team (VDT) Check Point Software Technologies
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coregraphics",
"scope": null,
"trust": 1.4,
"vendor": "apple",
"version": null
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "coregraphics",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
}
],
"sources": [
{
"db": "BID",
"id": "42653"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-294"
},
{
"db": "NVD",
"id": "CVE-2010-1801"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:coregraphics",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rodrigo Rubira Branco of the Check Point Vulnerability Discovery Team (VDT)",
"sources": [
{
"db": "BID",
"id": "42653"
}
],
"trust": 0.3
},
"cve": "CVE-2010-1801",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2010-1801",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-44406",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-1801",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-1801",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-44406",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2010-1801",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44406"
},
{
"db": "VULMON",
"id": "CVE-2010-1801"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-294"
},
{
"db": "NVD",
"id": "CVE-2010-1801"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file. Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability that affects \u0027Preview.app\u0027 in the CoreGraphics component. \nSuccessfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects the following:\nMac OS X 10.5.8\nMac OS X Server 10.5.8\nMac OS X 10.6.4\nMac OS X Server 10.6.4. Check Point Software Technologies - Vulnerability Discovery Team (VDT)\nhttp://www.checkpoint.com/defense/\n\nApple CoreGraphics (Preview) Memory Corruption when parsing PDF files\nCVE-2010-1801\n\n\nINTRODUCTION\n\nApple Preview.app is the default application used in Apple MacOS systems in order to visualize PDF files and does not properly parse PDF files, which leads to memory corruption when opening a malformed file with an invalid size on JBIG2 structure at offset 0x2C1 as in PoC Repro1.pdf or offset 0x2C5 as in PoC Repro2.pdf (both values trigger the same vulnerability). \n\nThis problem was confirmed in the following versions of Apple Preview and MacOS, other versions may be also affected. \n\nThe problem is triggered by PoCs available to interested parts which causes invalid memory access in all the refered versions. \n\n\nDETAILS\n\n\nChanging offset 0x2C1:\n\n0xdee8600 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3764\u003e:\txor %esi,%esi \n0xdee8602 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3766\u003e:\tmov -0x7c(%ebp),%edx\n0xdee8605 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3769\u003e:\tmov -0x118(%ebp),%eax\n0xdee860b \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3775\u003e:\tmov -0x7c(%ebp),%ecx\n0xdee860e \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3778\u003e:\tinc %edx \n0xdee860f \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3779\u003e:\tcmp 0x8(%eax),%ecx\n0xdee8612 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3782\u003e:\tjae 0xdee861a \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3790\u003e\n0xdee8614 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3784\u003e:\tmov 0xc(%eax),%eax\n0xdee8617 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+3787\u003e:\tmov %esi,(%eax,%edi,1) \u003c----- Crash\n\n(gdb) i r $esi $eax $edi\nesi 0xc79e860\t209315936\neax 0x0\t0\nedi 0x0\t0\n\n(gdb) bt\n#0 0x0dee8617 in JBIG2Stream::readSymbolDictSeg ()\n#1 0x0dee4f0f in JBIG2Stream::readSegments ()\n#2 0x0dee4b5e in JBIG2Stream::reset ()\n#3 0x0dee499b in read_bytes ()\n#4 0x96d33f32 in jbig2_filter_refill ()\n#5 0x96a4b56c in CGPDFSourceRefill ()\n#6 0x96a4b402 in CGPDFSourceRead ()\n\n\nChanging offset 0x2C5:\n\n0xdeb52dc \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2960\u003e:\tinc %esp\n0xdeb52dd \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2961\u003e:\tand $0x4,%al\n0xdeb52df \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2963\u003e:\tadd %al,(%eax)\n0xdeb52e1 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2965\u003e:\tadd %al,(%eax)\n0xdeb52e3 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2967\u003e:\tmov %edx,(%esp)\n0xdeb52e6 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2970\u003e:\tcall 0xdeb2a96 \u003c_ZN11JBIG2Stream17readGenericBitmapEiiiiiiP11JBIG2BitmapPiS2_i\u003e\n0xdeb52eb \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2975\u003e:\tmov -0x94(%ebp),%ecx\n0xdeb52f1 \u003c_ZN11JBIG2Stream17readSymbolDictSegEjjPjj+2981\u003e:\tmov %eax,(%ecx) \u003c----- Crash\n\n\n(gdb) i r $eax $ecx\neax 0xc79b640\t209303104\necx 0x0\t0\n\n\n\n(gdb) bt\n#0 0x0deb52f1 in JBIG2Stream::readSymbolDictSeg ()\n#1 0x0deb1f0f in JBIG2Stream::readSegments ()\n#2 0x0deb1b5e in JBIG2Stream::reset ()\n#3 0x0deb199b in read_bytes ()\n#4 0x96d33f32 in jbig2_filter_refill ()\n#5 0x96a4b56c in CGPDFSourceRefill ()\n#6 0x96a4b402 in CGPDFSourceRead ()\n#7 0x96aa3c8f in CGAccessSessionGetChunks ()\n\n\n\nCREDITS\n\nThis vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT). \n\n\n\n\n\nBest Regards,\n \nRodrigo. \n \n--\nRodrigo Rubira Branco\nSenior Security Researcher\nVulnerability Discovery Team (VDT)\nCheck Point Software Technologies\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1801"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"db": "BID",
"id": "42653"
},
{
"db": "VULHUB",
"id": "VHN-44406"
},
{
"db": "VULMON",
"id": "CVE-2010-1801"
},
{
"db": "PACKETSTORM",
"id": "93171"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-44406",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44406"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1801",
"trust": 3.0
},
{
"db": "SECTRACK",
"id": "1024359",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201008-294",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2010-08-24-1",
"trust": 0.6
},
{
"db": "BID",
"id": "42653",
"trust": 0.5
},
{
"db": "PACKETSTORM",
"id": "93171",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-44406",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-1801",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44406"
},
{
"db": "VULMON",
"id": "CVE-2010-1801"
},
{
"db": "BID",
"id": "42653"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"db": "PACKETSTORM",
"id": "93171"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-294"
},
{
"db": "NVD",
"id": "CVE-2010-1801"
}
]
},
"id": "VAR-201008-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-44406"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:14:21.497000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4312",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4312"
},
{
"title": "HT4312",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4312?viewlocale=ja_JP"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/0xCyberY/CVE-T4PDF "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1801"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44406"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"db": "NVD",
"id": "CVE-2010-1801"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://securitytracker.com/id?1024359"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//aug/msg00003.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4312"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1801"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1801"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "/archive/1/513355"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/42653"
},
{
"trust": 0.1,
"url": "https://github.com/0xcybery/cve-t4pdf"
},
{
"trust": 0.1,
"url": "http://www.checkpoint.com/defense/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1801"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44406"
},
{
"db": "VULMON",
"id": "CVE-2010-1801"
},
{
"db": "BID",
"id": "42653"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"db": "PACKETSTORM",
"id": "93171"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-294"
},
{
"db": "NVD",
"id": "CVE-2010-1801"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-44406"
},
{
"db": "VULMON",
"id": "CVE-2010-1801"
},
{
"db": "BID",
"id": "42653"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"db": "PACKETSTORM",
"id": "93171"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-294"
},
{
"db": "NVD",
"id": "CVE-2010-1801"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-44406"
},
{
"date": "2010-08-25T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1801"
},
{
"date": "2010-08-24T00:00:00",
"db": "BID",
"id": "42653"
},
{
"date": "2010-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"date": "2010-08-27T01:44:13",
"db": "PACKETSTORM",
"id": "93171"
},
{
"date": "2010-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-294"
},
{
"date": "2010-08-25T20:00:16.767000",
"db": "NVD",
"id": "CVE-2010-1801"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-44406"
},
{
"date": "2010-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1801"
},
{
"date": "2010-09-01T18:35:00",
"db": "BID",
"id": "42653"
},
{
"date": "2010-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001972"
},
{
"date": "2010-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-294"
},
{
"date": "2024-11-21T01:15:13.520000",
"db": "NVD",
"id": "CVE-2010-1801"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-294"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of CoreGraphics Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001972"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-294"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…