Page 43 of 293 results (0.013 seconds)

CVSS: 6.8EPSS: 12%CPEs: 15EXPL: 0

CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. CoreGraphics en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un archivo PDF manipulado que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/35074 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022209 htt • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 89%CPEs: 17EXPL: 0

Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. Desbordamiento inferior de entero en QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicacion) a través de una imagen PICT elaborada que desencadena un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/archive/1/503878/100/0/threaded http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34938 http://www.securitytracker.com/id?1022209 http:/ • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0

Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. Desbordamiento de búfer basado pila en CFNetwork en Apple Mac OS X v10.5 antes de v10.5.7 permite a servidores web remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de cabeceras HTTP largas. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022211 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50480 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 5%CPEs: 16EXPL: 0

QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen PICT elaborado lo que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34937 http://www.securitytracker.com/id?1022209 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 30%CPEs: 16EXPL: 0

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font. Desbordamiento de búfer basado en pila en Apple Type Services (ATS) en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario a través de una fuente Compact Font Format (CFF) elaborada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw appears to exist in the ATSServer font server upon parsing of malicious Compact Font Format files. A boundary condition exists in the parsing of internal dictionaries that can lead to a memory corruption allowing the execution of arbitrary code. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/archive/1/503597/100/0/threaded http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022218 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 http://www.zerodayinitiative.com/advisories/ZDI-09-023 https://exchange.xforce.ibmcloud. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •