ID

VAR-201011-0212


CVE

CVE-2010-1836


TITLE

Stack-based buffer overflow vulnerability in CoreGraphics in Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2010-002415

DESCRIPTION

Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Apple Mac OS X is prone to a stack-based buffer-overflow vulnerability in the CoreGraphics component. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it.

Trust: 2.34

sources: NVD: CVE-2010-1836 // JVNDB: JVNDB-2010-002415 // BID: 44806 // BID: 44809 // VULHUB: VHN-44441 // VULMON: CVE-2010-1836

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.6.2

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.6.4

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.6.2

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.6.1

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.5.8

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.6.3

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.6.4

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.6.1

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.5.8

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.6.0

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.6.3

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.6.0

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: v10.5.8

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: v10.6 to v10.6.4

Trust: 0.8

vendor: apple // model: mac os x server // scope: eq // version: v10.5.8

Trust: 0.8

vendor: apple // model: mac os x server // scope: eq // version: v10.6 to v10.6.4

Trust: 0.8

vendor: apple // model: mac os server // scope: eq // version: x10.6.4

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.6.3

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.6.2

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.6.1

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.8

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.6

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.6.4

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.6.3

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.6.2

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.6.1

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.8

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.6

Trust: 0.6

vendor: apple // model: mac os server // scope: ne // version: x10.6.5

Trust: 0.6

vendor: apple // model: mac os // scope: ne // version: x10.6.5

Trust: 0.3

sources: BID: 44806 // BID: 44809 // JVNDB: JVNDB-2010-002415 // CNNVD: CNNVD-201011-151 // NVD: CVE-2010-1836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1836
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1836
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-151
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44441
value: MEDIUM

Trust: 0.1

VULMON: CVE-2010-1836
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1836
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-44441
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44441 // VULMON: CVE-2010-1836 // JVNDB: JVNDB-2010-002415 // CNNVD: CNNVD-201011-151 // NVD: CVE-2010-1836

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-44441 // JVNDB: JVNDB-2010-002415 // NVD: CVE-2010-1836

THREAT TYPE

network

Trust: 0.6

sources: BID: 44806 // BID: 44809

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 44806 // BID: 44809

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002415

PATCH

title: HT4435 // url: http://support.apple.com/kb/HT4435

Trust: 0.8

title: HT4435 // url: http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

title: - // url: https://github.com/0xCyberY/CVE-T4PDF

Trust: 0.1

sources: VULMON: CVE-2010-1836 // JVNDB: JVNDB-2010-002415

EXTERNAL IDS

db: NVD // id: CVE-2010-1836

Trust: 3.2

db: SECTRACK // id: 1024723

Trust: 1.2

db: JVNDB // id: JVNDB-2010-002415

Trust: 0.8

db: CNNVD // id: CNNVD-201011-151

Trust: 0.7

db: APPLE // id: APPLE-SA-2010-11-10-1

Trust: 0.6

db: BID // id: 44809

Trust: 0.5

db: BID // id: 44806

Trust: 0.4

db: VULHUB // id: VHN-44441

Trust: 0.1

db: VULMON // id: CVE-2010-1836

Trust: 0.1

sources: VULHUB: VHN-44441 // VULMON: CVE-2010-1836 // BID: 44806 // BID: 44809 // JVNDB: JVNDB-2010-002415 // CNNVD: CNNVD-201011-151 // NVD: CVE-2010-1836

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.8

url:http://support.apple.com/kb/ht4435

Trust: 1.8

url:http://www.securitytracker.com/id?1024723

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1836

Trust: 0.8

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1836

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.6

url:http://www.securityfocus.com/advisories/20899

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://www.securityfocus.com/bid/44809

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/0xcybery/cve-t4pdf

Trust: 0.1

sources: VULHUB: VHN-44441 // VULMON: CVE-2010-1836 // BID: 44806 // BID: 44809 // JVNDB: JVNDB-2010-002415 // CNNVD: CNNVD-201011-151 // NVD: CVE-2010-1836

CREDITS

Andrew Kiss

Trust: 0.6

sources: BID: 44806 // BID: 44809

SOURCES

db: VULHUB // id: VHN-44441
db: VULMON // id: CVE-2010-1836
db: BID // id: 44806
db: BID // id: 44809
db: JVNDB // id: JVNDB-2010-002415
db: CNNVD // id: CNNVD-201011-151
db: NVD // id: CVE-2010-1836

LAST UPDATE DATE

2025-04-11T20:16:33.557000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-44441 // date: 2010-12-10T00:00:00
db: VULMON // id: CVE-2010-1836 // date: 2010-12-10T00:00:00
db: BID // id: 44806 // date: 2010-11-10T00:00:00
db: BID // id: 44809 // date: 2010-11-15T15:56:00
db: JVNDB // id: JVNDB-2010-002415 // date: 2010-11-26T00:00:00
db: CNNVD // id: CNNVD-201011-151 // date: 2010-11-17T00:00:00
db: NVD // id: CVE-2010-1836 // date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB // id: VHN-44441 // date: 2010-11-15T00:00:00
db: VULMON // id: CVE-2010-1836 // date: 2010-11-15T00:00:00
db: BID // id: 44806 // date: 2010-11-10T00:00:00
db: BID // id: 44809 // date: 2010-11-10T00:00:00
db: JVNDB // id: JVNDB-2010-002415 // date: 2010-11-26T00:00:00
db: CNNVD // id: CNNVD-201011-151 // date: 2010-11-17T00:00:00
db: NVD // id: CVE-2010-1836 // date: 2010-11-15T23:00:04.407