Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
Max CVSS
7.5
EPSS Score
0.39%
Published
2012-02-02
Updated
2012-02-03
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
Max CVSS
7.5
EPSS Score
5.88%
Published
2012-02-02
Updated
2018-01-06
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
Max CVSS
7.5
EPSS Score
2.55%
Published
2012-02-02
Updated
2012-09-22
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
Max CVSS
7.5
EPSS Score
6.61%
Published
2012-02-02
Updated
2012-05-18
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.19%
Published
2012-09-20
Updated
2012-09-21
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
Max CVSS
7.5
EPSS Score
11.25%
Published
2012-05-11
Updated
2012-05-30
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
Max CVSS
7.5
EPSS Score
2.68%
Published
2012-09-20
Updated
2017-08-29
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
Max CVSS
6.8
EPSS Score
0.10%
Published
2012-02-02
Updated
2012-02-03
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
Max CVSS
6.8
EPSS Score
0.16%
Published
2012-02-02
Updated
2012-02-03
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.
Max CVSS
6.8
EPSS Score
0.11%
Published
2012-02-02
Updated
2012-02-03
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
Max CVSS
6.8
EPSS Score
1.59%
Published
2012-02-02
Updated
2012-05-18
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
Max CVSS
6.8
EPSS Score
3.27%
Published
2012-02-02
Updated
2012-05-18
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
Max CVSS
6.8
EPSS Score
0.82%
Published
2012-05-11
Updated
2017-12-05
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
Max CVSS
6.8
EPSS Score
1.98%
Published
2012-05-11
Updated
2012-05-30
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
Max CVSS
6.8
EPSS Score
59.49%
Published
2012-05-11
Updated
2012-05-30
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
Max CVSS
6.8
EPSS Score
1.94%
Published
2012-05-11
Updated
2012-05-30
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
Max CVSS
6.8
EPSS Score
3.25%
Published
2012-05-11
Updated
2017-12-05
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Max CVSS
6.8
EPSS Score
1.85%
Published
2012-09-20
Updated
2017-08-29
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.
Max CVSS
4.6
EPSS Score
0.06%
Published
2012-09-20
Updated
2017-08-29
19 vulnerabilities found