Mac OS X AppKit Malformed TIFF Image NXSeek() DoS

2005-05-03T00:00:00
ID OSVDB:16071
Type osvdb
Reporter Henrik Dalgaard()
Modified 2005-05-03T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed TIFF image file containing a call to NXSeek() with an offset outside the image is opened by a Cocoa application, which causes the application to crash resulting in a loss of availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed TIFF image file containing a call to NXSeek() with an offset outside the image is opened by a Cocoa application, which causes the application to crash resulting in a loss of availability.

References:

Vendor URL: http://www.apple.com/ Vendor Specific Advisory URL Security Tracker: 1013874 CVE-2005-1330 Bugtraq ID: 13480