CVE-2006-1983

Vulnerability Description

Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://lists.apple.com/archives/security-announce/2006/May/msg00003.htmlPatch
• http://secunia.com/advisories/19686Vendor Advisory
• http://secunia.com/advisories/20077PatchVendor Advisory
• http://securitytracker.com/id?1016067Patch
• http://www.osvdb.org/24821
• http://www.osvdb.org/24822
• http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233Exploit
• http://www.security-protocols.com/sp-x28-advisory.phpVendor Advisory
• http://www.security-protocols.com/sp-x30-advisory.phpVendor Advisory
• http://www.securityfocus.com/bid/17634Exploit
• http://www.securityfocus.com/bid/17951
• http://www.us-cert.gov/cas/techalerts/TA06-132A.htmlPatchThird Party AdvisoryUS Government Resource
• http://www.vupen.com/english/advisories/2006/1452Vendor Advisory
• http://www.vupen.com/english/advisories/2006/1779Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25949