CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2010-3784
https://notcve.org/view.php?id=CVE-2010-3784
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. El API PMPageFormatCreateWithDataRepresentation para Printing en Apple Mac OS X v10.5.8 y v10.6.x anterior a v10.6.5 no maneja adecuadamente los datos XML, lo que permite a atacantes provocar una denegación de servicio (referencia a puntero nulo -NULL- y caída de la aplicación) a través de llamadas no especificadas a la API. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securitytracker.com/id?1024723 •
CVSS: 6.8EPSS: 2%CPEs: 10EXPL: 0CVE-2010-3787
https://notcve.org/view.php?id=CVE-2010-3787
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. Desbordamiento de búfer basado en memoria dinámica en QuickTime en Apple Mac OS X v10.6.x anteriores a v10.6.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de una imagen JP2. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4447 http://www.kb.cert.org/vuls/id/309873 http://www.securityfocus.com/bid/44798 http://www.securitytracker.com/id?1024729 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 12EXPL: 0CVE-2010-1845
https://notcve.org/view.php?id=CVE-2010-1845
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. ImageIO en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de una imagen PSD manipulada. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securityfocus.com/archive/1/514867/100/0/threaded http://www.securitytracker.com/id?1024723 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 2%CPEs: 12EXPL: 0CVE-2010-3785
https://notcve.org/view.php?id=CVE-2010-3785
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. Desbordamiento de búfer en QuickLook en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un documento Microsoft Office manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00006.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT5004 http://www.securitytracker.com/id?1024723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 12EXPL: 0CVE-2010-3790 – Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3790
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. QuickTime en Apple Mac OS X V10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída aplicación) a través de un archivo de película manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a Matrix structure within a particular opcode embedded within a .pict file. When using this Matrix structure to transform image data, the application will miscalculate an index to represent a row of an object. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4723 http://www.securityfocus.com/bid/44794 http://www.securitytracker.com/id?1024729 http://www.zerodayinitiative.com/advisories/ZDI-11-038 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •