Description
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
Exploits (1)
References (12)
Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17951
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1779
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-132A.html
Patch x_refsource_misc
http://docs.info.apple.com/article.html?artnum=303411
Various Sources x_refsource_misc
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233
Patch, Vendor Advisory x_refsource_misc
http://www.security-protocols.com/sp-x24-advisory.php
Patch vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1452
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17634
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20077
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/31837
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19686
Scores
EPSS
0.4486
EPSS Percentile
97.6%
Details
CWE
CWE-119
Status
published
Products (32)
apple/mac_os_x
10.3
apple/mac_os_x
10.3.1
apple/mac_os_x
10.3.2
apple/mac_os_x
10.3.3
apple/mac_os_x
10.3.4
apple/mac_os_x
10.3.5
apple/mac_os_x
10.3.6
apple/mac_os_x
10.3.7
apple/mac_os_x
10.3.8
apple/mac_os_x
10.3.9
... and 22 more
Published
Apr 21, 2006
Tracked Since
Feb 18, 2026