Apple ColorSync contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.
ColorSync is Apple's color management API. OS X applications and devices can use ColorSync profiles to determine how colors in images should be interpreted.
ColorSync contains a stack-based buffer overflow. An attacker may be able to trigger the overflow by convincing a user to open an image with a specially crafted embedded ColorSync profile.
From Apple's Color Management with Mac OS X Panther document:
Based on the Portable Document Format (PDF) 1.4 standard, Quartz is the native Mac OS X 2D drawing engine that generates text, vector, and raster images onscreen. Applications that use Quartz automatically support ColorSync. These applications include Preview, Mail, and Safari—all of which come with Panther.
A remote, unauthenticated attacker may be able to execute arbitrary code by convincing a user to open a webpage, email message, or image file.
Apple has issued an upgrade to address this issue. See Apple Security Update 2007-003 for more details.
Vendor | Status | Date Notified | Date Updated
Apple Computer, Inc. | | - | 13 Mar 2007
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Apple for information that was used in this report. Apple thanks Tom Ferris of Security-Protocols for reporting this vulnerability.
This document was written by Ryan Giobbi.