Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Information
Published : 2009-09-14 09:30
Updated : 2017-08-16 18:30
NVD link : CVE-2009-2804
Mitre link : CVE-2009-2804
JSON object : View
CWE
CWE-189
Numeric Errors
Products Affected
apple
- mac_os_x
- mac_os_x_server
- safari
microsoft
- windows