Apple's ImageIO framework contains an integer overflow vulnerability that may allow an attacker to execute code on a vulnerable system.
Graphics Interchange Format (GIF) is a popular image format supported by many Apple Mac OS X applications. The ImageIO framework allows applications to read and write various image file formats, including GIF.
From Apple Security Update 2007-003:
A remote unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. The specially crafted GIF file used to exploit this vulnerability may be supplied on a web page, as an email attachment or inside an email, or by some other means to convince the user into opening the malicious file.
Apple has published Mac OS X 10.4.9 for Mac OS X 10.4 (Tiger) systems and Security Update 2007-003 for Mac OS X 10.3 (Panther) systems in response to this issue. See Apple Security Update 2007-003 for more details.
Apple credits Tom Ferris of Security-Protocols for reporting this issue.
This document was written by Ryan Giobbi.
|Date First Published:||2007-03-14|
|Date Last Updated:||2007-10-01 22:39 UTC|