CVE-2009-1705

Published Jun 10, 2009

Last updated 15 years ago

Overview

Description: CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-189

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E203D81-FABE-4A63-8930-1DA15A86E113",
            "versionEndIncluding": "3.2.3"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49875E29-AA30-4D96-9ED9-538823DD5E1C"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6C733F3-F5D4-4CF1-866D-61FF9D81D1B3"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5471735-D9C0-491B-9A6A-07B39AA215CF"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E5C52F3-2109-40FD-9945-A9A9D42C076E"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "151DEB6D-5857-4B0B-8449-5735768024A5"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC7E7F65-8F3B-42F8-8B2D-9EA1CC4A4300"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "476EBE1F-66E1-4EF5-8344-BEDA97F306A4"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "480ED2AC-0DA4-44DA-A902-8534335077B9"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77F31F4B-5305-4D75-9277-95EF99A969A9"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9AD216D-0C95-4843-A1A1-C3C9A6219277"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04B8652D-BE06-49CB-A636-8B53B2DF9168"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References