Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and
Safari before 4.0.3, allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via an image with
crafted EXIF metadata.

Apple Safari, possibly before 4.0.3, on Mac
OS X does not properly handle a '\0' character in a domain name in the
subject’s Common Name (CN) field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a
crafted certificate issued by a legitimate Certification Authority, a
related issue to CVE-2009-2408.
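
The hostname check behind this class of flaw, shown as an added example that is not Safari's or any vendor's code: it assumes the common form of the defect, where a length-prefixed certificate name is compared as a NUL-terminated C string. The struct, function names and sample names are hypothetical, and only exact (non-wildcard) matching is covered.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as an ASN.1 decoder yields it: bytes plus an explicit
 * length. The bytes may contain 0x00; the length, not a NUL, ends the name. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed samples (not taken from any real certificate). */
static const unsigned char GOOD_CN[] = "www.example.com";
static const unsigned char NUL_CN[]  = "www.example.com\0.other.example";
const struct cert_name good_cn = { GOOD_CN, sizeof GOOD_CN - 1 };
const struct cert_name nul_cn  = { NUL_CN,  sizeof NUL_CN - 1 };

/* Flawed: treats the CN as a C string, so the comparison stops at the first
 * NUL and everything after it is never examined. (The samples come from
 * string literals, so a terminating NUL is always present here.) */
int cn_matches_flawed(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Hardened: use the decoded length, and refuse any name with an embedded
 * NUL, since no valid DNS name contains one. */
int cn_matches_strict(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                      /* embedded NUL: reject outright */
    if (cn->len != host_len)
        return 0;                      /* lengths must agree exactly */
    return strncasecmp((const char *)cn->data, host, host_len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";

    printf("flawed, NUL-bearing CN: %d\n", cn_matches_flawed(&nul_cn, host));
    printf("strict, NUL-bearing CN: %d\n", cn_matches_strict(&nul_cn, host));
    printf("strict, clean CN:       %d\n", cn_matches_strict(&good_cn, host));
    return 0;
}
```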