Mac OS X QuickDraw Manager PICT Image Processing Memory Corruption

2006-09-27T16:18:57
ID OSVDB:29274
Type osvdb
Reporter OSVDB
Modified 2006-09-27T16:18:57

Description

Vulnerability Description

A local memory corruption flaw exists in Mac OS X. The QuickDraw Manager fails to validate PICT image files resulting in memory corruption. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

A local memory corruption flaw exists in Mac OS X. The QuickDraw Manager fails to validate PICT image files resulting in memory corruption. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460 Security Tracker: 1016956 Secunia Advisory ID:22187 Related OSVDB ID: 29268 Related OSVDB ID: 29273 Related OSVDB ID: 29270 Related OSVDB ID: 29276 Related OSVDB ID: 29269 Related OSVDB ID: 29267 Related OSVDB ID: 29271 Related OSVDB ID: 29272 Related OSVDB ID: 29275 ISS X-Force ID: 29299 FrSIRT Advisory: ADV-2006-3852 CVE-2006-4395 CERT VU: 346396 CERT: TA06-275A Bugtraq ID: 20271