VYPR
High severity7.8NVD Advisory· Published Nov 15, 2007· Updated Jun 16, 2026

CVE-2007-4268

CVE-2007-4268

Description

Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.

Affected products

2
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: >=10.4.0,<=10.4.10
    • (no CPE)range: 10.4 through 10.4.10

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.