Apple ColorSync contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.
ColorSync is Apple's color management API. OS X applications and devices can use ColorSync profiles to determine how colors in images should be interpreted.
ColorSync contains a stack based buffer overflow. An attacker may be able to trigger the overflow by convincing a user to open an image with specially crafted embedded ColorSync profile.
A remote, unauthenticated attacker may be able to execute arbitrary code by convincing a user to open a webpage, email message, or image file.
Thanks to Apple for information that was used in this report. Apple thanks Tom Ferris of Security-Protocols for reporting this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:||2007-03-14|
|Date Last Updated:||2007-03-14 13:50 UTC|