Mac OS X ImageIO JPEG2000 Image Processing Overflow

2006-09-27T16:18:57
ID OSVDB:29268
Type osvdb
Reporter Tom Saxton()
Modified 2006-09-27T16:18:57

Description

Vulnerability Description

A local overflow exists in Mac OS X. The ImageIO library fails to validate JPEG2000 files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

A local overflow exists in Mac OS X. The ImageIO library fails to validate JPEG2000 files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460 Security Tracker: 1016953 Secunia Advisory ID:22187 Related OSVDB ID: 29273 Related OSVDB ID: 29270 Related OSVDB ID: 29276 Related OSVDB ID: 29269 Related OSVDB ID: 29267 Related OSVDB ID: 29271 Related OSVDB ID: 29272 Related OSVDB ID: 29274 Related OSVDB ID: 29275 ISS X-Force ID: 29280 FrSIRT Advisory: ADV-2006-3852 CVE-2006-4391 CERT VU: 546772 CERT: TA06-275A Bugtraq ID: 20271