2 matches found
CVE-2008-2304
CVE-2008-2304 describes a buffer overflow in Apple Core Image Fun House (2.0 and earlier) within CoreImage Examples in Xcode tools before 3.1. The flaw arises when processing a .funhouse file with XML data: code path draws a point label and at one point copies a C string without length bound (str...
Apple Xcode工具.funhouse文件XML数据处理缓冲区溢出漏洞
BUGTRAQ ID: 30189 CVECAN ID: CVE-2008-2304 Xcode是苹果机器上所使用的开发工具。 Xcode工具中包含有名为Core Image Fun House的示例应用程序,用于处理带有.funhouse扩展名的内容。Funhouse应用没有正确地解析XML数据,如果用户受骗打开了特制的.funhouse文件的话,就可能触发缓冲区溢出。以下是负责解析上述文件的代码: // render origin handles using AppKit directly - - CIImage drawPoints:CIImage im ... NSString...