Published: 2006-08-02 21:04:00
Revised: 2017-07-19 21:32:21

[Original] Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.

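[CNNVD] Apple Mac OS Radiance Image Integer Overflow Vulnerability (CNNVD-200608-038)

        Apple Mac OS X is the operating system used by Apple's family of machines.
        The latest Mac OS X update fixes multiple vulnerabilities, as follows: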

- CVSS (Base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/o:apple:mac_os_x_server:10.4.7  Apple Mac OS X Server 10.4.7
cpe:/o:apple:mac_os_x:10.4.7  Apple Mac OS X 10.4.7

- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BID  19289
(UNKNOWN)  VUPEN  ADV-2006-3101
(UNKNOWN)  XF  macosx-imageio-radiance-overflow(28143)

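- Vulnerability information

Apple Mac OS Radiance Image Integer Overflow Vulnerability
Medium severity  Buffer overflow
2006-08-02 00:00:00 2006-08-26 00:00:00
        Apple Mac OS X is the operating system used by Apple's family of machines.
        The latest Mac OS X update fixes multiple vulnerabilities, as follows: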

- Advisories and patches

        Apple Mac OS X Server 10.3.9
        Apple SecUpdSrvr2006-004Pan.dmg 1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
        Apple Mac OS X 10.3.9
        Apple SecUpd2006-004Pan.dmg 1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
        Apple Mac OS X 10.4.7
        Apple SecUpd2006-004Intel.dmg 1&platform=osx&method=sa/SecUpd2006-004Intel.dmg

- Vulnerability information

Apple Mac OS X ImageIO Radiance Image Processing Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

A local overflow exists in Mac OS X. ImageIO fails to validate Radiance files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2006-07-14 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete