VYPR
Unrated severityNVD Advisory· Published Jun 2, 2008· Updated Jun 16, 2026

CVE-2008-1030

CVE-2008-1030

Description

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.

Affected products

10
  • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
    • (no CPE)range: <10.5.3
  • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • Range: <10.5.3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.