BUGTRAQ ID: 30189
CVE(CAN) ID: CVE-2008-2304

Xcode is the development toolset used on Apple machines. Xcode ships with a sample application named Core Image Fun House that handles content with the .funhouse extension. The Fun House application does not parse XML data correctly; if a user is tricked into opening a specially crafted .funhouse file, a buffer overflow can be triggered. The following is the code responsible for parsing these files:

    // render origin handles using AppKit directly
    - (CIImage *)drawPoints:(CIImage *)im
    {
        ...
        NSString *str, *str2, *localizedParameter;
        ...
        else if ([type isEqualToString:@"image"])
        {
            // image effect stack element
            // show an image origin (in its center)
            CGRect r = [[es imageAtIndex:i] extent];
            NSPoint offset = [es offsetAtIndex:i];
            pt.x = offset.x + (r.origin.x + r.size.width * 0.5);
            pt.y = offset.y + (r.origin.y + r.size.height * 0.5);
            str = [[es filenameAtIndex:i] stringByAppendingString:@" center"];
            [self drawPoint:pt label:str intoContext:cg];
        }
    }

The code above calls the following code:

    /*
        Drawing
    */

    // draw an onscreen handle for an image origin, text origin, or filter point
    // the handle is a "center symbol" - a circle with crosshairs through it.
    // the handle is labelled with the string "str".
    // all items are "shadowed"
    - (void)drawPoint:(NSPoint)pt label:(NSString *)str intoContext:(CGContextRef)cg
    {
        ...
        char cstr[256];
        ...
        if (!movingNow)
        {
            [str getCString:cstr];    <-- Vulnerability Exists Here

Affected versions: Apple Xcode 2.0 - 3.0

Workaround:
* Replace [str getCString:cstr] in the vulnerable code section with [str getCString:cstr maxLength:254].

Vendor patch:
Apple
-----
The vendor has released an update that fixes this security issue; download it from the vendor's homepage: http://www.apple.com
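As an added C model (not the Fun House source) of the fixed-size handle buffer and of the bounded copy the workaround introduces: the 256-byte buffer and the "<filename> center" label follow the excerpt above, while the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Same fixed size as the cstr[256] stack buffer in drawPoint:. */
#define HANDLE_LABEL_SIZE 256

/* Bounded copy with the contract of -[NSString getCString:maxLength:encoding:]:
 * max_length is the whole buffer size including the NUL terminator, and the
 * copy is refused (returns false; here the buffer is left empty) when the
 * string does not fit. The original [str getCString:cstr] applied no limit,
 * so a label of 256 bytes or more wrote past the end of cstr. */
static bool get_cstring_bounded(const char *str, char *buf, size_t max_length)
{
    if (max_length == 0)
        return false;
    size_t len = strlen(str);
    if (len >= max_length) {      /* needs len + 1 bytes, more than max_length */
        buf[0] = '\0';
        return false;
    }
    memcpy(buf, str, len + 1);    /* includes the NUL */
    return true;
}

/* Models drawPoints: building "<filename> center" and drawPoint: copying it
 * into the fixed handle buffer. The filename comes from the .funhouse
 * document, so its length is chosen by whoever authored the file.
 * Returns true if a label was produced, false if drawing it had to be skipped.
 * (Hypothetical names; the real code keeps the label as an NSString.) */
static bool draw_point_label(const char *filename, char label_out[HANDLE_LABEL_SIZE])
{
    static const char suffix[] = " center";
    size_t flen = strlen(filename);
    char *label = malloc(flen + sizeof suffix);   /* sizeof suffix counts the NUL */
    if (label == NULL)
        return false;
    memcpy(label, filename, flen);
    memcpy(label + flen, suffix, sizeof suffix);
    bool ok = get_cstring_bounded(label, label_out, HANDLE_LABEL_SIZE);
    free(label);
    return ok;
}
```

With the deprecated getCString:maxLength: the limit excludes the terminating NUL, which is why the workaround passes 254 for a 256-byte buffer; the non-deprecated getCString:maxLength:encoding: takes the full buffer size and returns NO when the string does not fit, which is the contract modelled here.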