search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Apple Mac OS X Finder DMG volume name buffer overflow

Vulnerability Note VU#240880

Original Release Date: 2007-02-16 | Last Revised: 2007-02-23


Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.


DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder contains a buffer overflow vulnerability in the handling of DMG volume names. Specifically, a DMG file with a volume name of more than 255 bytes can trigger memory corruption. Note that by default, Safari will automatically mount DMG files that are referenced in web pages.


By convincing a user to mount a specially-crafted DMG file, such as by viewing a web page with Safari, a remote, unauthenticated attacker may be able to execute code with the privileges of the user or cause a denial-of-service condition.


Apply an update

This issue is addressed in Apple Security Update 2007-002.

Disable "Open 'safe' files after downloading"

Disable the option "Open 'safe' files after downloading," as specified in the Securing Your Web Browser document. This will help prevent automatic exploitation of this and other vulnerabilities.

Vendor Information


Apple Computer, Inc. Affected

Updated:  February 16, 2007



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Please see Apple Security Update 2007-002.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was publicly disclosed by LMH.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2007-0197
Severity Metric: 10.29
Date Public: 2007-01-09
Date First Published: 2007-02-16
Date Last Updated: 2007-02-23 14:05 UTC
Document Revision: 11

Sponsored by CISA.