Apple : Security Vulnerabilities, CVEs, Published In 2009 (Denial of service)
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2009-05-13 | Updated: 2017-08-08
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
Max CVSS: 5.0 | EPSS Score: 19.49% | Published: 2009-01-02 | Updated: 2017-08-08
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
Max CVSS: 9.3 | EPSS Score: 2.90% | Published: 2009-01-21 | Updated: 2018-10-30
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
Max CVSS: 9.3 | EPSS Score: 89.25% | Published: 2009-01-21 | Updated: 2018-10-30
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
Max CVSS: 9.3 | EPSS Score: 42.02% | Published: 2009-01-21 | Updated: 2018-10-30
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
Max CVSS: 9.3 | EPSS Score: 3.00% | Published: 2009-01-21 | Updated: 2018-10-30
Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
Max CVSS: 9.3 | EPSS Score: 3.82% | Published: 2009-01-21 | Updated: 2018-10-30
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
Max CVSS: 9.3 | EPSS Score: 59.45% | Published: 2009-01-21 | Updated: 2018-10-11
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.
Max CVSS: 9.3 | EPSS Score: 88.56% | Published: 2009-01-21 | Updated: 2017-09-29
Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.
Max CVSS: 7.6 | EPSS Score: 1.69% | Published: 2009-01-22 | Updated: 2017-09-29
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.
Max CVSS: 6.8 | EPSS Score: 1.34% | Published: 2009-02-13 | Updated: 2017-08-08
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
Max CVSS: 9.3 | EPSS Score: 88.90% | Published: 2009-05-13 | Updated: 2018-10-11
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
Max CVSS: 5.0 | EPSS Score: 24.69% | Published: 2009-03-14 | Updated: 2018-10-11
Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.
Max CVSS: 7.5 | EPSS Score: 2.39% | Published: 2009-02-13 | Updated: 2011-03-08
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.
Max CVSS: 7.8 | EPSS Score: 3.41% | Published: 2009-02-13 | Updated: 2011-03-08
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Max CVSS: 6.8 | EPSS Score: 6.86% | Published: 2009-02-22 | Updated: 2024-02-09
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
Max CVSS: 9.3 | EPSS Score: 0.50% | Published: 2009-01-08 | Updated: 2017-09-29
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
Max CVSS: 9.3 | EPSS Score: 0.20% | Published: 2009-02-13 | Updated: 2011-03-08
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.
Max CVSS: 9.3 | EPSS Score: 0.16% | Published: 2009-02-13 | Updated: 2011-03-08
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2009-02-12 | Updated: 2011-03-08
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.
Max CVSS: 6.8 | EPSS Score: 12.10% | Published: 2009-05-13 | Updated: 2017-08-08
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
Max CVSS: 4.3 | EPSS Score: 2.76% | Published: 2009-04-23 | Updated: 2019-03-06
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
Max CVSS: 4.3 | EPSS Score: 2.10% | Published: 2009-04-23 | Updated: 2019-03-06
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2009-05-13 | Updated: 2017-08-08
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2009-05-13 | Updated: 2017-08-08