CVE-2009-0010 — Use After Free in Apple MAC OS X
CWE-189CWE-416 — Use After FreeCWE-704 — Incorrect Type Conversion or CastCWE-754 — Improper Check for Unusual or Exceptional ConditionsCWE-131 — Incorrect Calculation of Buffer SizeCWE-476 — NULL Pointer DereferenceCWE-460 — Improper Cleanup on Thrown ExceptionCWE-369 — Divide By ZeroCWE-366 — Race Condition within a Thread29 documents7 sources
Severity
9.3CRITICALNVD
OSV7.8
EPSS
52.8%
top 2.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 13
Latest updateJan 13
Description
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0