PT-2009-2844 · Apple · Coregraphics+2
Barry K. Nathan
·
Published
2009-05-13
·
Updated
2017-08-08
·
CVE-2009-0155
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X versions 10.5 through 10.5.6
Apple iPhone OS versions 1.0 through 2.2.1
Apple iPhone OS for iPod touch versions 1.1 through 2.2.1
Description
The issue is caused by an integer underflow in CoreGraphics, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF file that triggers a heap-based buffer overflow.
Recommendations
For Apple Mac OS X versions 10.5 through 10.5.6, update to version 10.5.7 or later.
For Apple iPhone OS versions 1.0 through 2.2.1, update to a version later than 2.2.1.
For Apple iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version later than 2.2.1.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coregraphics
Macos X
Ios