CVE-2009-2804

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions 10.4.11 through 10.5.8 Safari versions prior to 4.0.4

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. This occurs due to an integer overflow in ColorSync.

Recommendations For Apple Mac OS X versions 10.4.11 through 10.5.8, update to a version that includes the fix for the integer overflow in ColorSync. For Safari versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue.