Mac OS X ImageIO GIF Processing Overflow

2006-07-14T08:04:30
ID OSVDB:27742
Type osvdb
Reporter Tom Ferris (tommy@security-protocols.com)
Modified 2006-07-14T08:04:30

Description

Vulnerability Description

A local overflow exists in Mac OS X. ImageIO fails to validate GIF images, resulting in an integer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 21253
Related OSVDB ID: 27730
Related OSVDB ID: 27731
Related OSVDB ID: 27734
Related OSVDB ID: 27735
Related OSVDB ID: 27736
Related OSVDB ID: 27739
Related OSVDB ID: 27741
Related OSVDB ID: 27732
Related OSVDB ID: 27733
Related OSVDB ID: 27737
Related OSVDB ID: 27740
Related OSVDB ID: 27738
Related OSVDB ID: 27743
Related OSVDB ID: 27744
Related OSVDB ID: 27745
ISS X-Force ID: 28145
CVE-2006-3503
CERT VU: 605908