CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2008 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5406 119 1 DoS Exec Code Overflow 2008-12-10 2009-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
2 CVE-2008-5286 189 Exec Code Overflow Bypass 2008-12-01 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
3 CVE-2008-4220 189 DoS Exec Code Overflow 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
4 CVE-2008-4218 189 Overflow +Priv 2008-12-16 2009-08-20
7.2
Admin Local Low Not required Complete Complete Complete
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.
5 CVE-2008-4217 189 Exec Code Overflow 2008-12-16 2009-02-06
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
6 CVE-2008-4116 119 1 DoS Exec Code Overflow 2008-09-18 2011-01-06
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.
7 CVE-2008-3647 119 DoS Exec Code Overflow 2008-10-10 2009-02-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
8 CVE-2008-3645 119 Exec Code Overflow 2008-10-10 2009-02-10
7.2
Admin Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.
9 CVE-2008-3642 119 DoS Exec Code Overflow 2008-10-10 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.
10 CVE-2008-3640 189 Exec Code Overflow 2008-10-14 2012-10-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.
11 CVE-2008-3639 119 Exec Code Overflow 2008-10-14 2012-10-29
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
12 CVE-2008-3636 189 Overflow +Priv 2008-09-10 2013-08-06
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
13 CVE-2008-3635 119 DoS Exec Code Overflow 2008-09-10 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
14 CVE-2008-3626 119 DoS Exec Code Overflow Mem. Corr. 2008-09-10 2013-11-02
6.8
None Remote Medium Not required Partial Partial Partial
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
15 CVE-2008-3625 119 DoS Exec Code Overflow 2008-09-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.
16 CVE-2008-3624 119 DoS Exec Code Overflow 2008-09-10 2013-11-02
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
17 CVE-2008-3623 119 DoS Exec Code Overflow 2008-11-17 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.
18 CVE-2008-3616 189 DoS Exec Code Overflow 2008-09-16 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.
19 CVE-2008-3614 189 DoS Exec Code Overflow 2008-09-10 2013-11-02
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
20 CVE-2008-2322 189 DoS Exec Code Overflow 2008-08-03 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.
21 CVE-2008-2320 119 DoS Exec Code Overflow 2008-08-03 2011-08-04
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.
22 CVE-2008-2305 119 Exec Code Overflow 2008-09-16 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
23 CVE-2008-2304 119 1 DoS Exec Code Overflow 2008-07-14 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters.
24 CVE-2008-2001 119 DoS Overflow 2008-04-28 2009-01-29
4.3
None Remote Medium Not required None None Partial
Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.
25 CVE-2008-1584 119 DoS Exec Code Overflow 2008-06-10 2008-12-03
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.
26 CVE-2008-1583 119 DoS Exec Code Overflow 2008-06-10 2008-12-03
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.
27 CVE-2008-1581 119 DoS Exec Code Overflow 2008-06-10 2008-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
28 CVE-2008-1574 119 DoS Exec Code Overflow 2008-06-02 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
29 CVE-2008-1573 119 Overflow +Info 2008-06-02 2011-07-14
7.1
None Remote Medium Not required Complete None None
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
30 CVE-2008-1034 189 DoS Exec Code Overflow 2008-06-02 2011-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.
31 CVE-2008-1031 119 DoS Exec Code Overflow 2008-06-02 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
32 CVE-2008-1030 20 DoS Exec Code Overflow 2008-06-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
33 CVE-2008-1026 119 Exec Code Overflow 2008-04-17 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.
34 CVE-2008-1023 119 Exec Code Overflow 2008-04-04 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
35 CVE-2008-1022 119 Exec Code Overflow 2008-04-04 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.
36 CVE-2008-1021 119 Exec Code Overflow 2008-04-04 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.
37 CVE-2008-1020 119 Exec Code Overflow 2008-04-04 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.
38 CVE-2008-1019 119 Exec Code Overflow 2008-04-04 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.
39 CVE-2008-1018 119 Exec Code Overflow 2008-04-04 2009-02-26
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.
40 CVE-2008-1017 119 Exec Code Overflow 2008-04-04 2009-02-26
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
41 CVE-2008-1015 119 Exec Code Overflow 2008-04-04 2009-02-26
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
42 CVE-2008-1010 119 Exec Code Overflow 2008-03-18 2013-09-09
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
43 CVE-2008-0997 119 DoS Exec Code Overflow 2008-03-18 2008-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.
44 CVE-2008-0992 119 Exec Code Overflow 2008-03-18 2008-10-11
5.8
None Remote Medium Not required None Partial Partial
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
45 CVE-2008-0987 119 Exec Code Overflow 2008-03-18 2013-09-01
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.
46 CVE-2008-0778 119 1 DoS Exec Code Overflow 2008-02-14 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
47 CVE-2008-0234 119 2 Exec Code Overflow 2008-01-10 2011-08-04
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
48 CVE-2008-0057 189 Exec Code Overflow 2008-03-18 2011-09-09
6.8
User Remote Medium Not required Partial Partial Partial
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list.
49 CVE-2008-0056 119 Exec Code Overflow 2008-03-18 2008-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
50 CVE-2008-0053 119 Exec Code Overflow 2008-03-18 2011-05-13
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
Total number of vulnerabilities : 54   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.