CVE-2014-1258medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.
References
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.9.1 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 8138 | Mac OS X < 10.9.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 72688 | Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 72687 | Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |