CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
applemac_os_x
10.4.11
applemac_os_x
10.5.8
applemac_os_x_server
10.4.11
applemac_os_x_server
10.5.8
applesafari
𝑥
≤ 4.0.3
applesafari
0.8
applesafari
0.9
applesafari
1.0
applesafari
1.0:beta
applesafari
1.0:beta2
applesafari
1.0.0
applesafari
1.0.0b1:b1
applesafari
1.0.0b2:b2
applesafari
1.0.1
applesafari
1.0.2
applesafari
1.0.3
applesafari
1.1.0
applesafari
1.1.1
applesafari
1.2
applesafari
1.2.0
applesafari
1.2.1
applesafari
1.2.2
applesafari
1.2.3
applesafari
1.2.4
applesafari
1.2.5
applesafari
1.3
applesafari
1.3.0
applesafari
1.3.1
applesafari
1.3.2
applesafari
2.0
applesafari
2.0.0
applesafari
2.0.1
applesafari
2.0.2
applesafari
2.0.3
applesafari
2.0.3:417.8
applesafari
2.0.3:417.9
applesafari
2.0.3:417.9.2
applesafari
2.0.3:417.9.3
applesafari
2.0.3_417.9.3:_417.9
applesafari
2.0.4
applesafari
2.0.4_419.3:_419.3
applesafari
2.0_pre:_pre
applesafari
3.0
applesafari
3.0.0
applesafari
3.0.0b:b
applesafari
3.0.1
applesafari
3.0.1:beta
applesafari
3.0.1b:b
applesafari
3.0.2
applesafari
3.0.2b:b
applesafari
3.0.3
applesafari
3.0.3b:b
applesafari
3.0.4
applesafari
3.0.4_beta:_beta
applesafari
3.0.4b:b
applesafari
3.1
applesafari
3.1.0
applesafari
3.1.0b:b
applesafari
3.1.1
applesafari
3.1.2
applesafari
3.2
applesafari
3.2.0
applesafari
3.2.1
applesafari
3.2.2
applesafari
3.2.3
applesafari
4.0
applesafari
4.0:beta
applesafari
4.0.0b:b
applesafari
4.0.1
applesafari
4.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://osvdb.org/57949
http://secunia.com/advisories/36701
http://secunia.com/advisories/37346
http://support.apple.com/kb/HT3865
http://support.apple.com/kb/HT3949
http://www.securityfocus.com/bid/36357
http://www.vupen.com/english/advisories/2009/3217
https://exchange.xforce.ibmcloud.com/vulnerabilities/53166
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://osvdb.org/57949
http://secunia.com/advisories/36701
http://secunia.com/advisories/37346
http://support.apple.com/kb/HT3865
http://support.apple.com/kb/HT3949
http://www.securityfocus.com/bid/36357
http://www.vupen.com/english/advisories/2009/3217
https://exchange.xforce.ibmcloud.com/vulnerabilities/53166