CVE-2009-1705 | Vulnerability Database | Aqua Security

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	3.2.3 (including)
Safari	Apple	3.0 (including)	3.0 (including)
Safari	Apple	3.0.1 (including)	3.0.1 (including)
Safari	Apple	3.0.2 (including)	3.0.2 (including)
Safari	Apple	3.0.3 (including)	3.0.3 (including)
Safari	Apple	3.0.4 (including)	3.0.4 (including)
Safari	Apple	3.1 (including)	3.1 (including)
Safari	Apple	3.1.1 (including)	3.1.1 (including)
Safari	Apple	3.1.2 (including)	3.1.2 (including)
Safari	Apple	3.2 (including)	3.2 (including)
Safari	Apple	3.2.1 (including)	3.2.1 (including)
Safari	Apple	3.2.2 (including)	3.2.2 (including)

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://osvdb.org/54974
http://secunia.com/advisories/35379
http://support.apple.com/kb/HT3613
http://www.securityfocus.com/bid/35260
http://www.securityfocus.com/bid/35308
http://www.vupen.com/english/advisories/2009/1522

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1705
CWE	https://cwe.mitre.org/data/definitions/189.html