search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Apple Mac OS X vulnerable to stack-based buffer overflow via specially crafted TIFF file

Vulnerability Note VU#988356

Original Release Date: 2006-06-30 | Last Revised: 2006-06-30

Overview

Apple has reported a vulnerability in the way Mac OS X 10.4 systems handle TIFF images that could cause affected applications to crash or allow remote code execution..

Description

TIFF Image File Format

The TIFF image file format is a widely supported file format used for storing images.

Integration

The Safari web browser and other applications in Mac OS X versions 10.4 to 10.4.6 are capable of opening TIFF formatted images.

The problem

An attacker may be able to create a specially crafted TIFF image that exploits a stack based buffer overflow. If successfully exploited, this buffer overflow may result in an application crash or arbitrary code execution. Apple states that this vulnerability does not affect Mac OS X versions below 10.4.

Impact

A remote unauthenticated attacker may be able to execute arbitrary code or cause a denial of service by persuading a user to access a specially crafted TIFF image

Solution

Upgrade

Apply the upgrade provided by Apple. Refer to the Apple security updates in Mac OS X version 10.4.7 for more information.


Workarounds

Only open TIFF files that are from trusted sources.

Vendor Information

988356
 
Expand all

Apple Computer, Inc. Affected

Updated:  June 29, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Apple has released security advisory APPLE-SA-2006-06-27 to address this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Apple Product Security for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2006-1469
Severity Metric: 1.34
Date Public: 2006-06-27
Date First Published: 2006-06-30
Date Last Updated: 2006-06-30 17:37 UTC
Document Revision: 27

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis