iDefense Security Advisory 07.31.08 - Remote exploitation of an integer overflow vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with the privileges of the currently logged in user. This vulnerability exists due to the way PDF files containing Type 1 fonts are handled. When processing a font with an overly large length, integer overflow could occur. This issue leads to heap corruption which can allow for arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.5.2. Previous versions may also be affected.
bd9422a741573a345861eba59adfc7d12e18e349884ec64a39129a4947283475