PT-2008-3812 · Apple · Coregraphics+1

Kobi Pariente

Published

2008-08-04

Updated

2017-08-08

CVE-2008-2322

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.4.11, 10.5.2, 10.5.4

Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via a PDF file with a long Type 1 font. This triggers a heap-based buffer overflow due to an integer overflow in CoreGraphics.

Recommendations: For Apple Mac OS X version 10.4.11, update to a version that includes the fix for the integer overflow in CoreGraphics. For Apple Mac OS X version 10.5.2, update to a version that includes the fix for the integer overflow in CoreGraphics. For Apple Mac OS X version 10.5.4, update to a version that includes the fix for the integer overflow in CoreGraphics.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2008-2322

Affected Products

Coregraphics

Macos X

PT-2008-3812 · Apple · Coregraphics+1

CVE-2008-2322

Weakness Enumeration

Related Identifiers

Affected Products

References · 9