Integer Overflow Vulnerability in CoreGraphics for Apple Mac OS X
CVE-2008-2322

Currently unrated

Key Information:

Vendor: Apple
Status: Coregraphics
Vendor: CVE Published:; 4 August 2008

What is CVE-2008-2322?

An integer overflow vulnerability exists in CoreGraphics within Apple Mac OS X versions 10.4.11, 10.5.2, and 10.5.4. This flaw allows remote attackers to exploit specially crafted PDF files containing long Type 1 fonts, leading to a heap-based buffer overflow. Successful exploitation can result in arbitrary code execution or cause applications to crash, thereby disrupting user activity and increasing the potential for unauthorized access.

References

http://lists.apple.com/archives/security-announce//2008/J...

vendor-advisoryx_refsource_APPLE

http://www.securityfocus.com/bid/30489

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2008/2268

vdb-entryx_refsource_VUPEN

EPSS Score

9% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2008
Vulnerability Reserved
May 18, 2008