Mac OS X ImageIO Radiance Image Processing Overflow

2006-07-14T08:04:30
ID OSVDB:27740
Type osvdb
Reporter OSVDB
Modified 2006-07-14T08:04:30

Description

Vulnerability Description

A local overflow exists in Mac OS X. ImageIO fails to validate Radiance files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

Short Description

A local overflow exists in Mac OS X. ImageIO fails to validate Radiance files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:21253 Related OSVDB ID: 27730 Related OSVDB ID: 27731 Related OSVDB ID: 27734 Related OSVDB ID: 27735 Related OSVDB ID: 27736 Related OSVDB ID: 27739 Related OSVDB ID: 27741 Related OSVDB ID: 27732 Related OSVDB ID: 27733 Related OSVDB ID: 27737 Related OSVDB ID: 27738 Related OSVDB ID: 27742 Related OSVDB ID: 27743 Related OSVDB ID: 27744 Related OSVDB ID: 27745 CVE-2006-3501 CERT VU: 172244