Lucene search
85319bb6e6ab398b334509c50afce5259d42756eZDI-10-058HistoryApr 05, 2010 - 12:00 a.m.
Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability
2010-04-0500:00:00
85319bb6e6ab398b334509c50afce5259d42756e
www.zerodayinitiative.com
14
0.039 Low
EPSS
Percentile
92.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Apple ImageIO framework during the parsing of malformed JPEG2000 files. The function CGImageReadGetBytesAtOffset can utilize miscalculated values during a memmove operation that will result in an exploitable heap corruption allowing attackers to execute arbitrary code under the context of the current user.
References
Related
cve
cve
CVE-2010-0505
2010-03-30 18:30:00
prion
prion
Heap overflow
2010-03-30 18:30:00
cvelist
cvelist
CVE-2010-0505
2010-03-30 18:00:00
nvd
nvd
CVE-2010-0505
2010-03-30 18:30:00
seebug
seebug
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2010-04-19 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2010-002)
2010-03-29 00:00:00
Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities
2010-03-29 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
openvas
openvas
Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
2010-05-12 00:00:00
Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
2010-05-12 00:00:00