Vulnerability Note VU#988356
Apple Mac OS X vulnerable to stack-based buffer overflow via specially crafted TIFF file
Apple has reported a vulnerability in the way Mac OS X 10.4 systems handle TIFF images that could cause affected applications to crash or allow remote code execution.
TIFF Image File Format
The TIFF image file format is a widely supported file format used for storing images.
The Safari web browser and other applications in Mac OS X versions 10.4 to 10.4.6 are capable of opening TIFF-formatted images.
An attacker may be able to create a specially crafted TIFF image that exploits a stack-based buffer overflow. If successfully exploited, this buffer overflow may result in an application crash or arbitrary code execution. Apple states that this vulnerability does not affect Mac OS X versions below 10.4.
A remote unauthenticated attacker may be able to execute arbitrary code or cause a denial of service by persuading a user to access a specially crafted TIFF image.
Only open TIFF files that are from trusted sources.
If you are a vendor and your product is affected, let
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Apple Computer, Inc.|Affected|-|29 Jun 2006|
Thanks to Apple Product Security for reporting this vulnerability.
This document was written by Ryan Giobbi.
27 Jun 2006
Date First Published: 30 Jun 2006
Date Last Updated: 30 Jun 2006
If you have feedback, comments, or additional information about this vulnerability, please send us email.