Описание
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- ExploitPatch
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- ExploitPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.3 (включая)
Одно из
cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*
EPSS
Процентиль: 90%
0.05154
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-189
Связанные уязвимости
github
почти 4 года назад
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
EPSS
Процентиль: 90%
0.05154
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-189