Back to search
CVE-2009-0010
Published: May 13, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.zerodayinitiative.com/advisories/ZDI-09-021/
x_refsource_MISC
35091
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
http://support.apple.com/kb/HT3591
x_refsource_CONFIRM
35074
third-party-advisory
x_refsource_SECUNIA
ADV-2009-1407
vdb-entry
x_refsource_VUPEN
1022209
vdb-entry
x_refsource_SECTRACK
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
20090527 ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability
mailing-list
x_refsource_BUGTRAQ
http://www.zerodayinitiative.com/advisories/ZDI-09-021
x_refsource_MISC
34926
vdb-entry
x_refsource_BID
TA09-133A
third-party-advisory
x_refsource_CERT
34938
vdb-entry
x_refsource_BID
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
APPLE-SA-2009-06-01-1
vendor-advisory
x_refsource_APPLE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now