CVE-2008-3623

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.

Published: Nov 17, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3623
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
apple / safari	-	-
apple / safari	-	3.1.2.x
apple / safari	0.8	0.8.x
apple / safari	0.9	0.9.x
apple / safari	1.0-beta2	1.0-beta2.x
apple / safari	1.0-beta	1.0-beta.x
apple / safari	1.0	1.0.x
apple / safari	1.0.3	1.0.3.x
apple / safari	1.1	1.1.x
apple / safari	1.1.1	1.1.1.x
apple / safari	1.2	1.2.x
apple / safari	1.2.1	1.2.1.x
apple / safari	1.2.2	1.2.2.x
apple / safari	1.2.3	1.2.3.x
apple / safari	1.2.4	1.2.4.x
apple / safari	1.2.5	1.2.5.x
apple / safari	1.3	1.3.x
apple / safari	1.3.1	1.3.1.x
apple / safari	1.3.2	1.3.2.x
apple / safari	2	2.x
apple / safari	2.0	2.0.x
apple / safari	2.0.1	2.0.1.x
apple / safari	2.0.2	2.0.2.x
apple / safari	2.0.3	2.0.3.x
apple / safari	2.0.3_417.9.3	2.0.3_417.9.3.x
apple / safari	2.0.4	2.0.4.x
apple / safari	2.0.4_419.3	2.0.4_419.3.x
apple / safari	2.0_pre	2.0_pre.x
apple / safari	3	3.x
apple / safari	3.0	3.0.x
apple / safari	3.0.1	3.0.1.x
apple / safari	3.0.2	3.0.2.x
apple / safari	3.0.3	3.0.3.x
apple / safari	3.0.3-522.15.5	3.0.3-522.15.5.x
apple / safari	3.0.4	3.0.4.x
apple / safari	3.0.4_beta	3.0.4_beta.x
apple / safari	3.1	3.1.x
apple / safari	3.1.1	3.1.1.x

Vulnerability Database

290,206

CVE-2008-3623