| Vulnerability Name: | CVE-2007-1071 (CCN-32795) | ||||||||
| Assigned: | 2007-02-19 | ||||||||
| Published: | 2007-02-19 | ||||||||
| Updated: | 2011-03-08 | ||||||||
| Summary: | Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. Note: this is a different issue than CVE-2006-3502 and CVE-2006-3503. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C) 6.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-1071 Source: CCN Type: Mac OS X 10.4.9 and Security Update 2007-003 About the security content of Mac OS X 10.4.9 and Security Update 2007-003 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=305214 Source: APPLE Type: UNKNOWN APPLE-SA-2007-03-13 Source: CCN Type: SA24479 Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 24479 Source: CCN Type: Security-Protocols Advisory February 19th, 2007 Apple OS X ImageIO "gifGetBandProc" Integer Overflow Source: MISC Type: UNKNOWN http://security-protocols.com/sp-x39-advisory.php Source: CCN Type: SECTRACK ID: 1017758 Mac OS X ImageIO GIF and RAW Image Processing Bugs Let Remote Users Execute Arbitrary Code Source: CCN Type: Apple Mac OS X Web site Apple - Apple - Mac OS X - Leopard Sneak Peek Source: CCN Type: US-CERT VU#559444 Apple Mac OS X ImageIO integer overflow vulnerability Source: CERT-VN Type: US Government Resource VU#559444 Source: OSVDB Type: UNKNOWN 34854 Source: CCN Type: OSVDB ID: 34854 Apple Mac OS X ImageIO gifGetBandProc Function GIF Decompression Overflow Source: BID Type: Exploit 22630 Source: CCN Type: BID-22630 Apple Mac OS X ImageIO GIF Image Integer Overflow Vulnerability Source: SECTRACK Type: UNKNOWN 1017758 Source: CERT Type: US Government Resource TA07-072A Source: VUPEN Type: UNKNOWN ADV-2007-0930 Source: XF Type: UNKNOWN macos-imageio-overflow(32795) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||