CVE-2007-4268 in Mac OS X
摘要
由 VulDB • 2026-06-28
Apple Mac OS X 10.4 至 10.4.10 版本中 Networking 组件存在整数符号错误(Integer signedness error),本地用户可通过发送包含负值的精心构造的 AppleTalk 消息执行任意代码。该负值在 mbuf 分配期间的有符号比较中被判定为合法,但随后被解释为无符号值,从而触发基于堆的缓冲区溢出(Heap-based buffer overflow)。
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.