Vulnerability Description
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | <= 3.2.3 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlPatchVendor Advisory
- http://osvdb.org/54974
- http://secunia.com/advisories/35379Vendor Advisory
- http://support.apple.com/kb/HT3613PatchVendor Advisory
- http://www.securityfocus.com/bid/35260ExploitPatch
- http://www.securityfocus.com/bid/35308
- http://www.vupen.com/english/advisories/2009/1522PatchVendor Advisory
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlPatchVendor Advisory
- http://osvdb.org/54974
- http://secunia.com/advisories/35379Vendor Advisory
- http://support.apple.com/kb/HT3613PatchVendor Advisory
- http://www.securityfocus.com/bid/35260ExploitPatch
- http://www.securityfocus.com/bid/35308
- http://www.vupen.com/english/advisories/2009/1522PatchVendor Advisory
FAQ
What is CVE-2009-1705?
CVE-2009-1705 is a vulnerability with a CVSS score of 9.3 (HIGH). CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denia...
How severe is CVE-2009-1705?
CVE-2009-1705 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1705?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.