CVE-2008-3950

Published: Sep 16, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.

Affected (5)

Products: Apple: Iphone, Ipod Touch, Safari

3 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone	Version 1.1.4
Apple Iphone	Version 2.0
Apple Ipod Touch	Version 1.1.4
Apple Ipod Touch	Version 2.0
Apple Safari	All versions

Related CWEs

References (8)

http://securityreason.com/securityalert/4264

Source: cve@mitre.org

http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/496321/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/31061

Source: cve@mitre.org

Patch

http://securityreason.com/securityalert/4264

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/496321/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31061

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.