Apple Image I/O EXR Color Component Remote Code Execution Vulnerability(CVE-2016-4629)

SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...

CVE-2016-4629

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted xStride and yStride values in an EXR image...

CVE-2016-4629

CVE-2016-4629 affects Apple’s OS X ImageIO (OS X before 10.11.6). A crafted EXR image can trigger memory corruption via signed xStride/yStride values, enabling remote code execution or a denial of service. Apple lists OS X 10.11.6 (El Capitan) and Security Update 2016-004 as the fix; patching is ...

CVE-2016-4629

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted xStride and yStride values in an EXR image...