CVE-2011-3457

2012-02-0218:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-3457

apple

mac os x

opengl

glsl

memory corruption

application crash

remote code execution

denial of service

nvd

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.0%

JSON

The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.6.8
apple:mac_os_xapple mac os xeq10.6.7
apple:mac_os_x_serverapple mac os x serverle10.7.2
apple:mac_os_x_serverapple mac os x servereq10.7.1
apple:mac_os_x_serverapple mac os x servereq10.6.3
apple:mac_os_x_serverapple mac os x servereq10.6.8
apple:mac_os_x_serverapple mac os x servereq10.6.6
apple:mac_os_xapple mac os xeq10.6.3
apple:mac_os_x_serverapple mac os x servereq10.6.4
apple:mac_os_xapple mac os xeq10.6.6

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.6.8
apple:mac_os_x	apple mac os x	eq	10.6.7
apple:mac_os_x_server	apple mac os x server	le	10.7.2
apple:mac_os_x_server	apple mac os x server	eq	10.7.1
apple:mac_os_x_server	apple mac os x server	eq	10.6.3
apple:mac_os_x_server	apple mac os x server	eq	10.6.8
apple:mac_os_x_server	apple mac os x server	eq	10.6.6
apple:mac_os_x	apple mac os x	eq	10.6.3
apple:mac_os_x_server	apple mac os x server	eq	10.6.4
apple:mac_os_x	apple mac os x	eq	10.6.6