CVE-2008-3623
Summary
| CVE | CVE-2008-3623 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-11-17 18:18:47 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | Safari | All | All | windows | All |
| Application | Apple | Safari | 0.8 | All | All | All |
| Application | Apple | Safari | 0.9 | All | All | All |
| Application | Apple | Safari | 1.0 | All | All | All |
| Application | Apple | Safari | 1.0 | beta | All | All |
| Application | Apple | Safari | 1.0 | beta2 | All | All |
| Application | Apple | Safari | 1.0.3 | All | All | All |
| Application | Apple | Safari | 1.1 | All | All | All |
| Application | Apple | Safari | 1.1.1 | All | All | All |
| Application | Apple | Safari | 1.2 | All | All | All |
| Application | Apple | Safari | 1.2.1 | All | All | All |
| Application | Apple | Safari | 1.2.2 | All | All | All |
| Application | Apple | Safari | 1.2.3 | All | All | All |
| Application | Apple | Safari | 1.2.4 | All | All | All |
| Application | Apple | Safari | 1.2.5 | All | All | All |
| Application | Apple | Safari | 1.3 | All | All | All |
| Application | Apple | Safari | 1.3.1 | All | All | All |
| Application | Apple | Safari | 1.3.2 | All | All | All |
| Application | Apple | Safari | 2 | All | All | All |
| Application | Apple | Safari | 2.0 | All | All | All |
| Application | Apple | Safari | 2.0.1 | All | All | All |
| Application | Apple | Safari | 2.0.2 | All | All | All |
| Application | Apple | Safari | 2.0.3 | All | All | All |
| Application | Apple | Safari | 2.0.3_417.9.3 | All | All | All |
| Application | Apple | Safari | 2.0.4 | All | All | All |
| Application | Apple | Safari | 2.0.4_419.3 | All | All | All |
| Application | Apple | Safari | 2.0_pre | All | All | All |
| Application | Apple | Safari | 3 | All | All | All |
| Application | Apple | Safari | 3.0 | All | All | All |
| Application | Apple | Safari | 3.0 | All | windows | All |
| Application | Apple | Safari | 3.0.1 | All | All | All |
| Application | Apple | Safari | 3.0.1 | All | windows | All |
| Application | Apple | Safari | 3.0.2 | All | All | All |
| Application | Apple | Safari | 3.0.2 | All | windows | All |
| Application | Apple | Safari | 3.0.3 | All | All | All |
| Application | Apple | Safari | 3.0.3 | All | windows | All |
| Application | Apple | Safari | 3.0.3 | 522.15.5 | All | All |
| Application | Apple | Safari | 3.0.4 | All | All | All |
| Application | Apple | Safari | 3.0.4_beta | All | All | All |
| Application | Apple | Safari | 3.0.4_beta | All | windows | All |
| Application | Apple | Safari | 3.1 | All | All | All |
| Application | Apple | Safari | 3.1.1 | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Microsoft | Windows | xp | All | All | All |
| Operating System | Microsoft | Windows Vista | - | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of iPhone OS 3.0 Software Update | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| APPLE-SA-2008-12-15 Security Update 2008-008 / Mac OS X v10.5.6 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| About the security content of Security Update 2008-008 / Mac OS X v10.5.6 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| APPLE-SA-2008-11-13 Safari 3.2 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| US-CERT Technical Cyber Security Alert TA08-350A -- Apple Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | US Government Resource |
| Safari Heap Overflow in CoreGraphics Lets Remote Users Execute Arbitrary Code - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| About the security content of Safari 3.2 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Vendor Advisory |
| APPLE-SA-2009-06-17-1 iPhone OS 3.0 Software Update | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| Apple Safari Prior to 3.2 Multiple Security Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Apple Safari Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.