Vulnerabilities > CVE-2006-1552 - Numeric Errors vulnerability in Apple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2006-003.NASL |
description | The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications : AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21341 |
published | 2006-05-12 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21341 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) |
code |
|
References
- http://drunkenblog.com/drunkenblog-archives/000760.html
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://secunia.com/advisories/20077
- http://www.osvdb.org/25597
- http://www.securityfocus.com/bid/17321
- http://www.securityfocus.com/bid/17951
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://www.vupen.com/english/advisories/2006/1779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26412