ID

VAR-200802-0125


CVE

CVE-2008-0894


TITLE

Apple Safari vulnerability allowing disclosure of sensitive memory contents

Trust: 0.8

sources: JVNDB: JVNDB-2008-002755

DESCRIPTION

Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420. Apple Safari contains a vulnerability that can result in disclosure of sensitive memory contents or a denial of service (crash). This issue occurs when the application tries to handle malformed image files. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Attackers may also obtain potentially sensitive information that may aid in further attacks. Very few details are currently available. We will update this BID as more information emerges. This issue may be related to the one described in BID 27826 (Multiple Web Browser BMP Partial Palette Information Disclosure and Denial Of Service Vulnerability). This vulnerability is related to CVE-2008-0420.

Trust: 1.98

sources: NVD: CVE-2008-0894 // JVNDB: JVNDB-2008-002755 // BID: 27947 // VULHUB: VHN-31019

AFFECTED PRODUCTS

vendor: apple // model: safari // scope: - // version: -

Trust: 1.4

vendor: apple // model: safari // scope: eq // version: *

Trust: 1.0

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.4

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.3

Trust: 0.3

vendor: apple // model: safari beta // scope: eq // version: 3.0.3

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.2

Trust: 0.3

vendor: apple // model: safari beta // scope: eq // version: 3.0.2

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.1

Trust: 0.3

vendor: apple // model: safari beta // scope: eq // version: 3.0.1

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 2.0.4

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 2.0.3

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 2.0.2

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 2.0.1

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.3.1

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.3

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.2.3

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.2.2

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.2.1

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.2

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.1

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.0

Trust: 0.3

vendor: apple // model: safari beta // scope: eq // version: 2

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3

Trust: 0.3

vendor: apple // model: safari beta // scope: eq // version: 3

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 3

Trust: 0.3

vendor: apple // model: mobile safari // scope: eq // version: 0

Trust: 0.3

sources: BID: 27947 // JVNDB: JVNDB-2008-002755 // CNNVD: CNNVD-200802-409 // NVD: CVE-2008-0894

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0894
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-0894
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200802-409
value: MEDIUM

Trust: 0.6

VULHUB: VHN-31019
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-0894
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31019
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-31019 // JVNDB: JVNDB-2008-002755 // CNNVD: CNNVD-200802-409 // NVD: CVE-2008-0894

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2008-002755 // NVD: CVE-2008-0894

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-409

TYPE

design error

Trust: 0.6

sources: CNNVD: CNNVD-200802-409

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002755

PATCH

title: Top Page // url: http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002755

EXTERNAL IDS

db: NVD // id: CVE-2008-0894

Trust: 2.8

db: BID // id: 27947

Trust: 2.0

db: SECTRACK // id: 1019487

Trust: 1.7

db: SREASON // id: 3685

Trust: 1.7

db: JVNDB // id: JVNDB-2008-002755

Trust: 0.8

db: BUGTRAQ // id: 20080216 [HISPASEC] FIREFOX 2.0.0.11 AND OPERA 9.50 BETA REMOTE MEMORY INFORMATION LEAK, FIREFOX 2.0.0.11 REMOTE DENIAL OF SERVICE

Trust: 0.6

db: CNNVD // id: CNNVD-200802-409

Trust: 0.6

db: VULHUB // id: VHN-31019

Trust: 0.1

sources: VULHUB: VHN-31019 // BID: 27947 // JVNDB: JVNDB-2008-002755 // CNNVD: CNNVD-200802-409 // NVD: CVE-2008-0894

REFERENCES

url:https://bugzilla.mozilla.org/show_bug.cgi?id=408076

Trust: 2.0

url:http://www.securityfocus.com/bid/27947

Trust: 1.7

url:http://www.securitytracker.com/id?1019487

Trust: 1.7

url:http://securityreason.com/securityalert/3685

Trust: 1.7

url:http://www.securityfocus.com/archive/1/488264/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0894

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0894

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/488264/100/0/threaded

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/488264

Trust: 0.3

sources: VULHUB: VHN-31019 // BID: 27947 // JVNDB: JVNDB-2008-002755 // CNNVD: CNNVD-200802-409 // NVD: CVE-2008-0894

CREDITS

Gynvael Coldwind is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 27947 // CNNVD: CNNVD-200802-409

SOURCES

db: VULHUB // id: VHN-31019
db: BID // id: 27947
db: JVNDB // id: JVNDB-2008-002755
db: CNNVD // id: CNNVD-200802-409
db: NVD // id: CVE-2008-0894

LAST UPDATE DATE

2025-04-10T20:28:13.759000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-31019 // date: 2018-10-15T00:00:00
db: BID // id: 27947 // date: 2008-02-22T18:43:00
db: JVNDB // id: JVNDB-2008-002755 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200802-409 // date: 2008-09-05T00:00:00
db: NVD // id: CVE-2008-0894 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-31019 // date: 2008-02-21T00:00:00
db: BID // id: 27947 // date: 2008-02-22T00:00:00
db: JVNDB // id: JVNDB-2008-002755 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200802-409 // date: 2008-02-21T00:00:00
db: NVD // id: CVE-2008-0894 // date: 2008-02-21T21:44:00