Vulnerability Note VU#873868
Apple Mac OS X ImageIO memory corruption vulnerability
Apple's ImageIO framework contains an memory corruption vulnerability that may allow an attacker to execute code on a vulnerable system.
The RAW Image file format is a popular image format supported by many Apple Mac OS X applications. The ImageIO framework allows applications to read and write various image file formats, including RAW.
From Apple Security Update 2007-003:
A remote unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. The specially crafted RAW file used to exploit this vulnerability may be supplied on a web page, as an email attachment or inside an email, or by some other means to convince the user into opening the malicious file.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||15 Mar 2007|
CVSS Metrics (Learn More)
Apple credits Luke Church of the Computer Laboratory, University of Cambridge, for reporting this issue.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-0733
- Date Public: 13 Mar 2007
- Date First Published: 14 Mar 2007
- Date Last Updated: 15 Mar 2007
- Severity Metric: 3.08
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.