Vulnerability Note VU#980078
Apple Mac OS X vulnerable to buffer overflow in ColorSync ICC color profile handling
Apple's Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow.
The Apple Mac OS X operating system contains support for ICC color profiles in the ColorSync component. This component contains a flaw in checking boundary conditions which may allow arbitrary code execution. When checking certain parameters in ICC color profiles, improperly formatted or maliciously crafted embedded profiles may cause a heap-based buffer overflow which would allow arbitrary code execution.
An attacker with the ability to supply a maliciously crafted profile may be able to execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the user running ColorSync.
Apply a patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer Inc.||Affected||-||27 Jan 2005|
CVSS Metrics (Learn More)
Thanks to Apple Product Security for reporting this vulnerability.
This document was written by Ken MacInnis.
- CVE IDs: CAN-2005-0126
- Date Public: 25 Jan 2005
- Date First Published: 27 Jan 2005
- Date Last Updated: 27 Jan 2005
- Severity Metric: 4.13
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.