Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1573

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2008-1573
Last Modified 14 Jul 2011 12:00:00
Published 02 Jun 2008 05:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1573

Summary

The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.4.11

  • Apple Mac Os X 10.5

  • Apple Mac Os X 10.5.1

  • Apple Mac Os X 10.5.2

  • Apple Mac Os X Server 10.4.11

  • Apple Mac Os X Server 10.5

  • Apple Mac Os X Server 10.5.1

  • Apple Mac Os X Server 10.5.2


References

CERT - TA08-150A

SECTRACK - 1020144

XF - macosx-imageio-information-disclosure(42721)

VUPEN - ADV-2008-1882

VUPEN - ADV-2008-1697

BID - 29513

BID - 29412

SECUNIA - 30775

SECUNIA - 30430

APPLE - APPLE-SA-2008-05-28

APPLE - APPLE-SA-2008-06-19

Related Patches

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update

Apple 2008-06-30 Safari Update 3.1.2 (Tiger PPC)

Apple 2008-06-30 Safari Update 3.1.2 (Tiger Intel)


Last Updated: 27 May 2016 10:47:34