Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
2008-12-17T01:30:00.297
2025-04-09T00:30:58.490
Deferred
CVSSv2: 9.3 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | apple | mac_os_x | ≤ 10.5.5 | Yes |
| Operating System | apple | mac_os_x | 10.4.11 | Yes |
| Operating System | apple | mac_os_x | 10.5 | Yes |
| Operating System | apple | mac_os_x | 10.5.1 | Yes |
| Operating System | apple | mac_os_x | 10.5.2 | Yes |
| Operating System | apple | mac_os_x | 10.5.3 | Yes |
| Operating System | apple | mac_os_x | 10.5.4 | Yes |
| Operating System | apple | mac_os_x_server | ≤ 10.5.5 | Yes |
| Operating System | apple | mac_os_x_server | 10.4.11 | Yes |
| Operating System | apple | mac_os_x_server | 10.5 | Yes |
| Operating System | apple | mac_os_x_server | 10.5.1 | Yes |
| Operating System | apple | mac_os_x_server | 10.5.2 | Yes |
| Operating System | apple | mac_os_x_server | 10.5.3 | Yes |
| Operating System | apple | mac_os_x_server | 10.5.4 | Yes |