CVE-2008-3950

Currently unrated

Key Information:

Vendor: Apple
Status: Iphone; Ipod Touch; Safari
Vendor: CVE Published:; 16 September 2008

Summary

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.

References

http://www.securityfocus.com/bid/31061

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/496321/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.coresecurity.com/content/iphone-safari-javascr...

x_refsource_MISC

Timeline

Vulnerability published
Sep 16, 2008
Vulnerability Reserved
Sep 5, 2008