CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2008 (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5406 119 1 DoS Exec Code Overflow 2008-12-10 2009-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
2 CVE-2008-5183 399 1 DoS 2008-11-20 2011-03-17
4.3
None Remote Medium Not required None None Partial
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
3 CVE-2008-4236 399 DoS 2008-12-16 2009-02-06
7.1
None Remote Medium Not required None None Complete
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file.
4 CVE-2008-4231 399 DoS Exec Code Mem. Corr. 2008-11-25 2009-06-13
9.3
None Remote Medium Not required Complete Complete Complete
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
5 CVE-2008-4224 20 DoS 2008-12-16 2009-02-06
7.1
None Remote Medium Not required None None Complete
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.
6 CVE-2008-4222 399 DoS 2008-12-16 2009-08-20
7.1
None Remote Medium Not required None None Complete
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.
7 CVE-2008-4221 399 DoS Exec Code Mem. Corr. 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
8 CVE-2008-4220 189 DoS Exec Code Overflow 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
9 CVE-2008-4219 399 DoS 2008-12-16 2009-08-20
4.9
None Local Low Not required None None Complete
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.
10 CVE-2008-4211 189 DoS Exec Code 2008-10-10 2011-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
11 CVE-2008-4116 119 1 DoS Exec Code Overflow 2008-09-18 2011-01-06
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.
12 CVE-2008-3950 189 DoS 2008-09-16 2009-01-29
5.0
None Remote Low Not required None None Partial
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
13 CVE-2008-3647 119 DoS Exec Code Overflow 2008-10-10 2009-02-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
14 CVE-2008-3643 DoS 2008-10-10 2009-02-10
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."
15 CVE-2008-3642 119 DoS Exec Code Overflow 2008-10-10 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.
16 CVE-2008-3635 119 DoS Exec Code Overflow 2008-09-10 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
17 CVE-2008-3632 399 DoS Exec Code 2008-09-10 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
18 CVE-2008-3629 399 DoS 2008-09-10 2013-11-02
4.3
None Remote Medium Not required None None Partial
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
19 CVE-2008-3628 399 DoS Exec Code 2008-09-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."
20 CVE-2008-3627 399 DoS Exec Code 2008-09-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.
21 CVE-2008-3626 119 DoS Exec Code Overflow Mem. Corr. 2008-09-10 2013-11-02
6.8
None Remote Medium Not required Partial Partial Partial
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
22 CVE-2008-3625 119 DoS Exec Code Overflow 2008-09-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.
23 CVE-2008-3624 119 DoS Exec Code Overflow 2008-09-10 2013-11-02
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
24 CVE-2008-3623 119 DoS Exec Code Overflow 2008-11-17 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.
25 CVE-2008-3621 399 DoS Exec Code Mem. Corr. 2008-09-16 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
26 CVE-2008-3616 189 DoS Exec Code Overflow 2008-09-16 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.
27 CVE-2008-3615 399 DoS Exec Code 2008-09-10 2010-06-23
9.3
None Remote Medium Not required Complete Complete Complete
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
28 CVE-2008-3614 189 DoS Exec Code Overflow 2008-09-10 2013-11-02
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
29 CVE-2008-3613 399 DoS 2008-09-16 2008-11-15
6.1
None Local Network Low Not required None None Complete
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.
30 CVE-2008-3608 399 DoS Exec Code Mem. Corr. 2008-09-16 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.
31 CVE-2008-2332 399 DoS Exec Code Mem. Corr. 2008-09-16 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
32 CVE-2008-2326 20 DoS 2008-09-10 2009-08-19
5.0
None Remote Low Not required None None Partial
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
33 CVE-2008-2325 399 DoS Exec Code Mem. Corr. 2008-08-03 2008-09-10
9.3
None Remote Medium Not required Complete Complete Complete
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
34 CVE-2008-2323 399 DoS 2008-08-03 2008-09-10
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.
35 CVE-2008-2322 189 DoS Exec Code Overflow 2008-08-03 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.
36 CVE-2008-2321 399 DoS Exec Code Mem. Corr. 2008-08-03 2009-06-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."
37 CVE-2008-2320 119 DoS Exec Code Overflow 2008-08-03 2011-08-04
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.
38 CVE-2008-2317 399 DoS Exec Code 2008-07-14 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
39 CVE-2008-2310 134 DoS Exec Code 2008-07-01 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
40 CVE-2008-2308 264 DoS +Priv Mem. Corr. 2008-07-01 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
41 CVE-2008-2307 399 DoS Exec Code Mem. Corr. 2008-06-23 2011-03-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
42 CVE-2008-2304 119 1 DoS Exec Code Overflow 2008-07-14 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters.
43 CVE-2008-2303 189 DoS Exec Code 2008-07-14 2012-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
44 CVE-2008-2006 20 DoS Exec Code 2008-05-22 2009-04-08
4.3
None Remote Medium Not required None None Partial
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.
45 CVE-2008-2001 119 DoS Overflow 2008-04-28 2009-01-29
4.3
None Remote Medium Not required None None Partial
Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.
46 CVE-2008-2000 399 DoS 2008-04-28 2009-01-29
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.
47 CVE-2008-1739 399 DoS Exec Code Mem. Corr. 2008-09-03 2008-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.
48 CVE-2008-1586 399 DoS 2008-11-25 2009-02-20
7.1
None Remote Medium Not required None None Complete
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
49 CVE-2008-1584 119 DoS Exec Code Overflow 2008-06-10 2008-12-03
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.
50 CVE-2008-1583 119 DoS Exec Code Overflow 2008-06-10 2008-12-03
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.
Total number of vulnerabilities : 76   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.