CVE-2009-1726

Loading...

General

Score:9.3/10.0
Severity:High
Category:Buffer Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2008-0674, CVE-2008-1372, CVE-2009-0040, CVE-2009-0151, CVE-2009-1235, CVE-2009-1720, CVE-2009-1721, CVE-2009-1722, CVE-2009-1723, CVE-2009-1727, CVE-2009-1728, CVE-2009-2188, CVE-2009-2190, CVE-2009-2191, CVE-2009-2192, CVE-2009-2193, CVE-2009-2194, CVE-2010-0544, CVE-2010-1119, CVE-2010-1384, CVE-2010-1385, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1411, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1749, CVE-2010-1750, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1774

Published on 06/08/09 - Updated on 29/09/17

Description

Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2009-1726
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2009-AVI-309, CERTA-2010-AVI-243, CERTA-2010-AVI-270
Renater 2009/VULN314, 2010/VULN199, 2010/VULN215

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
applemac_os_x
applemac_os_x_server

Share this vulnerability with:

Twitter Facebook LinkedIn Mail