Published: 2006-08-02 21:04:00
Revised: 2017-07-19 21:32:21

[Original] Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.

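[CNNVD] Apple Mac OS GIF Image Memory Allocation Failure Denial of Service Vulnerability (CNNVD-200608-044)

        Apple Mac OS X is the operating system used on Apple's family of machines.
        The latest Mac OS X update fixes multiple vulnerabilities, as follows: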

- CVSS (Base Score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/o:apple:mac_os_x_server:10.4.7  Apple Mac OS X Server 10.4.7
cpe:/o:apple:mac_os_x:10.4.7  Apple Mac OS X 10.4.7

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BID  19289
(UNKNOWN)  VUPEN  ADV-2006-3101
(UNKNOWN)  XF  macosx-imageio-gif-code-execution(28144)

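- Vulnerability Information

Apple Mac OS GIF Image Memory Allocation Failure Denial of Service Vulnerability
Medium severity  Insufficient information
2006-08-02 00:00:00 2006-08-26 00:00:00
        Apple Mac OS X is the operating system used on Apple's family of machines.
        The latest Mac OS X update fixes multiple vulnerabilities, as follows: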

- Advisories and Patches

        Apple Mac OS X Server 10.3.9
        Apple SecUpdSrvr2006-004Pan.dmg 1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
        Apple Mac OS X 10.3.9
        Apple SecUpd2006-004Pan.dmg 1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
        Apple Mac OS X 10.4.7
        Apple SecUpd2006-004Intel.dmg 1&platform=osx&method=sa/SecUpd2006-004Intel.dmg

- Vulnerability Information

Apple Mac OS X ImageIO GIF Processing Memory Allocation Failure Arbitrary Code Execution
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by a specially crafted GIF file, which triggers an undetected memory allocation error. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

- Timeline

2006-07-14 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

- Related References

- Vulnerability Author

Unknown or Incomplete