CVE-2008-3623

Sažetak

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.

Reference

http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://secunia.com/advisories/32706
http://secunia.com/advisories/33179
http://support.apple.com/kb/HT3298
http://support.apple.com/kb/HT3338
http://support.apple.com/kb/HT3639
http://www.securityfocus.com/bid/32291
http://www.securitytracker.com/id?1021225
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
http://www.vupen.com/english/advisories/2008/3444
http://www.vupen.com/english/advisories/2009/1621

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-10-2018 - 16:25

Objavljeno

17-11-2008 - 18:18