CVE-2006-1982

Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=303411	Patch
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html	Patch
http://secunia.com/advisories/19686	Vendor Advisory
http://secunia.com/advisories/20077	Patch Vendor Advisory
http://www.osvdb.org/31837
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233
http://www.security-protocols.com/sp-x24-advisory.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/17634	Exploit
http://www.securityfocus.com/bid/17951
http://www.us-cert.gov/cas/techalerts/TA06-132A.html	Patch Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1452	Vendor Advisory
http://www.vupen.com/english/advisories/2006/1779	Vendor Advisory
http://docs.info.apple.com/article.html?artnum=303411	Patch
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html	Patch
http://secunia.com/advisories/19686	Vendor Advisory
http://secunia.com/advisories/20077	Patch Vendor Advisory
http://www.osvdb.org/31837
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233
http://www.security-protocols.com/sp-x24-advisory.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/17634	Exploit
http://www.securityfocus.com/bid/17951
http://www.us-cert.gov/cas/techalerts/TA06-132A.html	Patch Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1452	Vendor Advisory
http://www.vupen.com/english/advisories/2006/1779	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x:10.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*

History

No history.

Information

Published : 2006-04-21 22:02

Updated : 2025-04-03 01:03

NVD link : CVE-2006-1982

Mitre link : CVE-2006-1982

CVE.ORG link : CVE-2006-1982

JSON object : View

Products Affected

apple

mac_os_x
mac_os_x_server

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10