Mac OS X ImageIO TIFF Processing Overflow

2006-06-26T06:49:08
ID: OSVDB:26931
Type: osvdb
Reporter: OSVDB
Modified: 2006-06-26T06:49:08

Description

Vulnerability Description

A local overflow exists in Mac OS X. The ImageIO library fails to validate TIFF image files, resulting in a stack overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 10.4.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1016394
Secunia Advisory ID: 20877
Related OSVDB ID: 26930
Related OSVDB ID: 26932
Related OSVDB ID: 26933
News Article: http://news.com.com/Apple+updates+Mac+OS+to+squash+bugs/2100-1002_3-6088787.html
FrSIRT Advisory: ADV-2006-2566
CVE-2006-1469
Bugtraq ID: 18686