CVE-2009-1705 Information

Description

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

Reference

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://osvdb.org/54974 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35308 http://www.vupen.com/english/advisories/2009/1522