Vulnerability Note VU#988356

Apple Mac OS X vulnerable to stack-based buffer overflow via specially crafted TIFF file

Original Release date: 30 Jun 2006 | Last revised: 30 Jun 2006


Apple has reported a vulnerability in the way Mac OS X 10.4 systems handle TIFF images that could cause affected applications to crash or allow remote code execution.


TIFF Image File Format

The TIFF image file format is a widely supported file format used for storing images.


The Safari web browser and other applications in Mac OS X versions 10.4 to 10.4.6 are capable of opening TIFF-formatted images.

The problem

An attacker may be able to create a specially crafted TIFF image that exploits a stack-based buffer overflow. If successfully exploited, this buffer overflow may result in an application crash or arbitrary code execution. Apple states that this vulnerability does not affect Mac OS X versions earlier than 10.4.


A remote unauthenticated attacker may be able to execute arbitrary code or cause a denial of service by persuading a user to access a specially crafted TIFF image.



Apply the upgrade provided by Apple. Refer to the Apple security updates in Mac OS X version 10.4.7 for more information.


Only open TIFF files that are from trusted sources.

Systems Affected

Vendor                Status    Date Notified  Date Updated
Apple Computer, Inc.  Affected  -              29 Jun 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A



Thanks to Apple Product Security for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2006-1469
  • Date Public: 27 Jun 2006
  • Date First Published: 30 Jun 2006
  • Date Last Updated: 30 Jun 2006
  • Severity Metric: 1.34
  • Document Revision: 23


If you have feedback, comments, or additional information about this vulnerability, please send us email.