CVE-2009-2468

Published: 22/07/2009 | Updated: 16/09/2009
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in Apple CoreGraphics, as used in Safari prior to 4.0.3, Mozilla Firefox prior to 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194.

Vulnerable Product

mozilla firefox 2.0.0.12

mozilla firefox 3.0.1

mozilla firefox 2.0

mozilla firefox 0.9.3

mozilla firefox 0.9

mozilla firefox 1.0.2

mozilla firefox 1.0.8

mozilla firefox 2.0.0.21

mozilla firefox 2.0.0.15

mozilla firefox 0.6.1

mozilla firefox 0.6

mozilla firefox 0.1

mozilla firefox 3.0.9

mozilla firefox 2.0.0.7

mozilla firefox 1.5.0.12

mozilla firefox 1.5.0.8

mozilla firefox 1.5.0.9

mozilla firefox 1.5.7

mozilla firefox 1.5.6

mozilla firefox 2.0.0.2

mozilla firefox 3.0.2

mozilla firefox 3.0.6

mozilla firefox 3.0.10

mozilla firefox 3.0

mozilla firefox 0.8

mozilla firefox 0.10.1

mozilla firefox 3.0.5

mozilla firefox 2.0.0.20

mozilla firefox 1.0.7

mozilla firefox 1.0.6

mozilla firefox 2.0.0.10

mozilla firefox 2.0.0.16

mozilla firefox 1.0

mozilla firefox 0.3

mozilla firefox 1.5.0.5

mozilla firefox 1.5.0.2

mozilla firefox 1.5.3

mozilla firefox 1.5.4

mozilla firefox 1.5

mozilla firefox 2.0.0.5

mozilla firefox 2.0.0.4

mozilla firefox 3.0.3

mozilla firefox 3.0.4

mozilla firefox 2.0.0.18

mozilla firefox 2.0.0.14

mozilla firefox 0.9.1

mozilla firefox 1.0.3

mozilla firefox 2.0.0.9

mozilla firefox 2.0.0.11

mozilla firefox 1.4.1

mozilla firefox 0.4

mozilla firefox 0.5

mozilla firefox 1.5.0.3

mozilla firefox 1.5.0.11

mozilla firefox 1.5.1

mozilla firefox 1.5.2

mozilla firefox 1.8

mozilla firefox 1.5.8

mozilla firefox 2.0.0.3

mozilla firefox 0.9_rc

mozilla firefox 2.0.0.8

mozilla firefox 2.0.0.13

mozilla firefox

mozilla firefox 2.0.0.19

mozilla firefox 0.10

mozilla firefox 0.9.2

mozilla firefox 1.0.1

mozilla firefox 1.0.5

mozilla firefox 1.0.4

mozilla firefox 3.0.7

mozilla firefox 2.0.0.17

mozilla firefox 0.7

mozilla firefox 0.7.1

mozilla firefox 0.2

mozilla firefox 1.5.0.4

mozilla firefox 1.5.0.1

mozilla firefox 1.5.0.10

mozilla firefox 1.5.0.6

mozilla firefox 1.5.0.7

mozilla firefox 1.5.5

mozilla firefox 2.0.0.6

mozilla firefox 2.0.0.1

mozilla firefox 3.0.8

Vendor Advisories

Mozilla Foundation Security Advisory 2009-36: Heap/integer overflows in font glyph rendering libraries
Announced: July 21, 2009
Reporter: Will Drewry
Impact: Critical
Products: Firefox
Fixed in ...