CVE-2008-2322 - Vulnerability Details - OpenCVE

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Coregraphics Mac Os X Mac Os X Server

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.4:::::::*

cpe:2.3:a:apple:coregraphics:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://secunia.com/advisories/31326
http://www.securityfocus.com/bid/30483
http://www.securityfocus.com/bid/30489
http://www.securitytracker.com/id?1020604
http://www.vupen.com/english/advisories/2008/2268
https://exchange.xforce.ibmcloud.com/vulnerabilities/44128

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-08-04T01:00:00

Updated: 2024-08-07T08:58:01.229Z

Reserved: 2008-05-18T00:00:00

Link: CVE-2008-2322

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-08-04T01:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2322

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "APPLE-SA-2008-07-31", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"}, {"name": "30489", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30489"}, {"name": "ADV-2008-2268", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2268"}, {"name": "1020604", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020604"}, {"name": "31326", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31326"}, {"name": "macosx-coregraphics-pdf-bo(44128)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"}, {"name": "20080731 Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"}, {"name": "30483", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30483"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2322", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2008-07-31", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"}, {"name": "30489", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30489"}, {"name": "ADV-2008-2268", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2268"}, {"name": "1020604", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020604"}, {"name": "31326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31326"}, {"name": "macosx-coregraphics-pdf-bo(44128)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"}, {"name": "20080731 Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"}, {"name": "30483", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30483"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:58:01.229Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2008-07-31", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"}, {"name": "30489", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30489"}, {"name": "ADV-2008-2268", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2268"}, {"name": "1020604", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020604"}, {"name": "31326", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31326"}, {"name": "macosx-coregraphics-pdf-bo(44128)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"}, {"name": "20080731 Apple Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"}, {"name": "30483", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30483"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2322", "datePublished": "2008-08-04T01:00:00", "dateReserved": "2008-05-18T00:00:00", "dateUpdated": "2024-08-07T08:58:01.229Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7723A9E8-1DE2-4C7D-81E6-4F79DCB09324", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:coregraphics:*:*:*:*:*:*:*:*", "matchCriteriaId": "869701C0-E7C3-45A1-B887-6FA97089A9CB", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Desbordamiento de Entero en CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2 y 10.5.4, permite a atacantes remotos ejecutar c\u00f3digo arbitrariamente o provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante un archvo PDF con una fuente Type 1 larga, la cual provoca un desbordamiento de b\u00fafer basado en monticulo."}], "id": "CVE-2008-2322", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-08-04T01:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31326"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/30483"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/30489"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020604"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2268"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/30483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/30489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2268"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}