Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
Apple Safari 2.0.3 417.8
Apple Safari 2.0.3 417.9.3
Apple Safari 1.0.1
Apple Safari 3.1.1
Apple Safari 2.0.1
Apple Safari 1.0.0
Apple Safari 3.1.0
Apple Safari 2.0.3 417.9
Apple Safari 2.0.3 417.9.2
Apple Safari 2.0.0
Apple Safari 1.2.0
Apple Safari 1.0.2
Apple Safari 4 Beta
Apple Safari 1.0.0b1
Apple Safari 4.0.3
Apple Safari 1.0.0b2
Apple Safari 4.0.0b
Apple Safari 4.0
Apple Safari 2.0
Apple Safari 4.0.2
Apple Safari 4.0.1
Apple Safari 3.0.1b
Apple Safari 0.9 (not an official CPE)
Apple Safari 3.0.4 beta (not an official CPE)
Apple Safari 2.0.3 417.9.3 (not an official CPE)
Apple Safari 3.0.4b
Apple Safari 0.8 (not an official CPE)
Apple Safari 3.0.0b
Apple Safari 3.0.0
Apple Safari 1.3.2
Apple Safari 1.3.1
Apple Safari 2.0.4 419.3 (not an official CPE)
Apple Safari 1.3.0
Apple Safari 3.2.1
Apple Safari 3.0.3
Apple Safari 2.0 pre (not an official CPE)
Apple Safari 1.1.0
Apple Safari 3.2.0
Apple Safari 3.0.2
Apple Safari 3.0.1
Apple Safari 1.1.1
Apple Safari 1.0 Beta2
Apple Safari 1.0 Beta
Apple Safari 3.2.3 (not an official CPE)
Apple Safari 3.2.2
Apple Safari 3.0.4
Apple Safari 3.1.0b
Apple Safari 3.0
Apple Safari 1.3
Apple Safari 3.1 (not an official CPE)
Apple Safari 1.2
Apple Safari 3
Apple Safari 1.0
Apple Safari 3.0.3b
Apple Safari 3.2 (not an official CPE)
Apple Safari 2
Apple Safari 3.1.2
Apple Safari 3.0.2b
Apple Safari 3.0.1 Beta
Apple Safari 1.2.4
Apple Safari 1.2.5
Apple Safari 1.0.3
Apple Safari 1.2.1
Apple Safari 1.2.2
Apple Safari 1.2.3
Apple Safari 2.0.3
Apple Safari 2.0.4
Apple Safari 2.0.2