VAR-200911-0274
Vulnerability from variot - Updated: 2025-04-10 19:46Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the CoreGraphics component. Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. These issues affect the following: Mac OS X v10.5.8 and prior Mac OS X Server v10.5.8 and prior NOTE: These issues were previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but have been assigned their own record to better document them. There are multiple integer overflows that can lead to heap overflow in CoreGraphics processing PDF files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200911-0274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
}
],
"sources": [
{
"db": "BID",
"id": "36962"
},
{
"db": "BID",
"id": "36956"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-101"
},
{
"db": "NVD",
"id": "CVE-2009-2826"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian MastenbrookRegis DuchesneNicolas Joly",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-101"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2009-2826",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-40272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2826",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-2826",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200911-101",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-40272",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2009-2826",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40272"
},
{
"db": "VULMON",
"id": "CVE-2009-2826"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-101"
},
{
"db": "NVD",
"id": "CVE-2009-2826"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the CoreGraphics component. \nSuccessfully exploiting these issues may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. \nThese issues affect the following:\nMac OS X v10.5.8 and prior\nMac OS X Server v10.5.8 and prior\nNOTE: These issues were previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but have been assigned their own record to better document them. There are multiple integer overflows that can lead to heap overflow in CoreGraphics processing PDF files",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2826"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"db": "BID",
"id": "36962"
},
{
"db": "BID",
"id": "36956"
},
{
"db": "VULHUB",
"id": "VHN-40272"
},
{
"db": "VULMON",
"id": "CVE-2009-2826"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2826",
"trust": 2.9
},
{
"db": "VUPEN",
"id": "ADV-2009-3184",
"trust": 2.6
},
{
"db": "BID",
"id": "36956",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200911-101",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2009-11-09-1",
"trust": 0.6
},
{
"db": "BID",
"id": "36962",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-40272",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-2826",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40272"
},
{
"db": "VULMON",
"id": "CVE-2009-2826"
},
{
"db": "BID",
"id": "36962"
},
{
"db": "BID",
"id": "36956"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-101"
},
{
"db": "NVD",
"id": "CVE-2009-2826"
}
]
},
"id": "VAR-200911-0274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-40272"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T19:46:07.465000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3937",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3937"
},
{
"title": "HT3937",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3937?viewlocale=ja_JP"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/0xCyberY/CVE-T4PDF "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-2826"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40272"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"db": "NVD",
"id": "CVE-2009-2826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/36956"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3937"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2826"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2826"
},
{
"trust": 0.6,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/189.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/36962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20215"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40272"
},
{
"db": "VULMON",
"id": "CVE-2009-2826"
},
{
"db": "BID",
"id": "36962"
},
{
"db": "BID",
"id": "36956"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-101"
},
{
"db": "NVD",
"id": "CVE-2009-2826"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-40272"
},
{
"db": "VULMON",
"id": "CVE-2009-2826"
},
{
"db": "BID",
"id": "36962"
},
{
"db": "BID",
"id": "36956"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-101"
},
{
"db": "NVD",
"id": "CVE-2009-2826"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-40272"
},
{
"date": "2009-11-10T00:00:00",
"db": "VULMON",
"id": "CVE-2009-2826"
},
{
"date": "2009-11-09T00:00:00",
"db": "BID",
"id": "36962"
},
{
"date": "2009-11-09T00:00:00",
"db": "BID",
"id": "36956"
},
{
"date": "2009-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"date": "2009-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-101"
},
{
"date": "2009-11-10T19:30:01.313000",
"db": "NVD",
"id": "CVE-2009-2826"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-40272"
},
{
"date": "2009-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2009-2826"
},
{
"date": "2009-11-10T16:06:00",
"db": "BID",
"id": "36962"
},
{
"date": "2009-11-11T20:56:00",
"db": "BID",
"id": "36956"
},
{
"date": "2009-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002326"
},
{
"date": "2009-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-101"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2826"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "36962"
},
{
"db": "BID",
"id": "36956"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of CoreGraphics Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002326"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-101"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…