Vulnerability Name: | CVE-2016-4682 |
Assigned: | 2016-05-11 |
Published: | 2017-02-20 |
Updated: | 2017-07-29 |
Summary: | An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.
|
CVSS v3 Severity: | 7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
Exploitability Metrics: | Attack Vector (AV): Local, Attack Complexity (AC): Low, Privileges Required (PR): None, User Interaction (UI): Required
Scope: | Scope (S): Unchanged
Impact Metrics: | Confidentiality (C): High, Integrity (I): None, Availability (A): High
| 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)
Exploitability Metrics: | Attack Vector (AV): Network, Attack Complexity (AC): High, Privileges Required (PR): None, User Interaction (UI): None
Scope: | Scope (S): Unchanged
Impact Metrics: | Confidentiality (C): Low, Integrity (I): None, Availability (A): Low |
|
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
Exploitability Metrics: | Access Vector (AV): Network, Access Complexity (AC): Medium, Authentication (Au): None
Impact Metrics: | Confidentiality (C): Partial, Integrity (I): None, Availability (A): Partial
| 5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
Exploitability Metrics: | Access Vector (AV): Network, Access Complexity (AC): Medium, Authentication (Au): None
Impact Metrics: | Confidentiality (C): Partial, Integrity (I): None, Availability (A): Partial |
|
Vulnerability Type: | CWE-125
|
References: | Source: MITRE Type: CNA CVE-2016-4682
Source: BID Type: Third Party Advisory, VDB Entry 93852
Source: SECTRACK Type: UNKNOWN 1037086
Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207170
Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207275
|
Vulnerable Configuration: | Configuration 1: cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version <= 10.12.0)
Denotes that component is vulnerable |