Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1983

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-1983
Last Modified 07 Mar 2011 12:00:00
Published 21 Apr 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1983

Summary

Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.3

  • Apple Mac Os X 10.3.1

  • Apple Mac Os X 10.3.2

  • Apple Mac Os X 10.3.3

  • Apple Mac Os X 10.3.4

  • Apple Mac Os X 10.3.5

  • Apple Mac Os X 10.3.6

  • Apple Mac Os X 10.3.7

  • Apple Mac Os X 10.3.8

  • Apple Mac Os X 10.3.9

  • Apple Mac Os X 10.4

  • Apple Mac Os X 10.4.1

  • Apple Mac Os X 10.4.2

  • Apple Mac Os X 10.4.3

  • Apple Mac Os X 10.4.4

  • Apple Mac Os X 10.4.5

  • Apple Mac Os X 10.4.6

  • Apple Mac Os X Server 10.3

  • Apple Mac Os X Server 10.3.1

  • Apple Mac Os X Server 10.3.2

  • Apple Mac Os X Server 10.3.3

  • Apple Mac Os X Server 10.3.4

  • Apple Mac Os X Server 10.3.5

  • Apple Mac Os X Server 10.3.6

  • Apple Mac Os X Server 10.3.7

  • Apple Mac Os X Server 10.3.8

  • Apple Mac Os X Server 10.3.9

  • Apple Mac Os X Server 10.4

  • Apple Mac Os X Server 10.4.1

  • Apple Mac Os X Server 10.4.2

  • Apple Mac Os X Server 10.4.3

  • Apple Mac Os X Server 10.4.4

  • Apple Mac Os X Server 10.4.5

  • Apple Mac Os X Server 10.4.6


References

CERT - TA06-132A

SECTRACK - 1016067

SECUNIA - 20077

APPLE - APPLE-SA-2006-05-11

XF - macosx-predictorvsetfield-bo(25951)

XF - macosx-cfallocatorallocate-bo(25949)

VUPEN - ADV-2006-1779

VUPEN - ADV-2006-1452

BID - 17951

BID - 17634

MISC - http://www.security-protocols.com/sp-x30-advisory.php

MISC - http://www.security-protocols.com/sp-x28-advisory.php

MISC - http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233

OSVDB - 24822

OSVDB - 24821

SECUNIA - 19686

Related Patches

Apple 2006-05-11 Security Update 2006-003 Mac OS X 10.4.6 Client (PPC)

Apple 2006-05-11 Security Update 2006-003 Mac OS X 10.4.6 Client (Intel)

Apple 2006-05-11 Security Update 2006-003 (10.4.6 Server)


Last Updated: 27 May 2016 10:42:16