SecurityTracker.com
SecurityTracker Archives

Category: OS (UNIX) > Apple ImageIO
Vendors: Apple
(Apple Issues Fix for iLife and Aperture) LibTIFF Buffer Underflow in Decoding LZW Data Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021161
SecurityTracker URL:  http://securitytracker.com/id/1021161
CVE Reference: CVE-2008-2327
Date:  Nov 10 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes

Description:   A vulnerability was reported in LibTIFF's LZW decoder. A remote user can cause arbitrary code to be executed on the target user's system. Apple iLife 8.0 and Aperture 2 on Mac OS X v10.4.9 through v10.4.11 are affected; Mac OS X v10.5.5 already contains the fix.

A remote user can create a specially crafted TIFF file with LZW-encoded image data that, when loaded by the target application using libTIFF, will trigger a buffer underflow and execute arbitrary code on the target system. The code will run with the privileges of the target application (the application viewing the image).

The vulnerability resides in the LZW decoding code in 'tif_lzw.c'. Apple's advisory describes the same issue as uninitialized memory access in libTIFF's handling of LZW-encoded TIFF images, corrected by proper memory initialization and additional validation of the image data.

Drew Yao reported this vulnerability.
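
The check a practitioner would want to see in any LZW string-table decoder, shown as an added example written for this page. It is not libtiff's code and not Apple's fix, and the real tif_lzw.c logic differs in detail (bit unpacking, strip restarts, the Compat variant); only the shape of the bug class is kept. Everything in it is constructed: codes arrive as plain integers, the 4096-entry table, the 'hardened' flag and the three-code malicious stream in demo_underflow are inventions of this example. In the vulnerable path a code that was never defined selects a zero-initialised table entry whose length is 0, so the back-to-front string copy stores one byte before the output pointer; the hardened path rejects codes beyond the table's free pointer and entries of length 0, which is the kind of validation the advisory's "additional validation of TIFF images" refers to.

```c
/* Toy string-table LZW decoder written for this page to show the shape of the
 * tif_lzw.c bug class behind CVE-2008-2327. NOT libtiff code: codes arrive as
 * plain ints (no 9-12 bit unpacking) and the table logic is simplified. In the
 * vulnerable path an undefined code selects a zero-initialised entry of
 * length 0, so the back-to-front copy stores one byte BEFORE op. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CODE_CLEAR 256
#define CODE_EOI   257
#define CODE_FIRST 258
#define CSIZE      4096

typedef struct entry {
    struct entry  *next;      /* preceding character of the string, NULL at its head */
    unsigned short length;    /* string length; 0 marks an entry never defined */
    unsigned char  value;     /* last character of the string */
    unsigned char  firstchar; /* first character, needed for the KwKwK case */
} entry_t;

typedef struct { entry_t table[CSIZE]; int free_entp; } lzw_state;

static void lzw_reset(lzw_state *s)
{
    memset(s->table, 0, sizeof s->table);   /* undefined entries: length 0, next NULL */
    for (int i = 0; i < 256; i++) {
        s->table[i].length = 1;
        s->table[i].value = s->table[i].firstchar = (unsigned char)i;
    }
    s->free_entp = CODE_FIRST;
}

/* Decode ncodes codes into op (capacity occ). Returns bytes written or -1.
 * hardened == 0 skips the undefined-code checks (the bug); hardened != 0
 * rejects such codes before the copy loop runs. */
int lzw_decode(const int *codes, size_t ncodes, unsigned char *op, size_t occ, int hardened)
{
    static lzw_state s;
    size_t written = 0;
    int oldcode = -1;
    lzw_reset(&s);
    for (size_t i = 0; i < ncodes; i++) {
        int code = codes[i];
        if (code < 0 || code >= CSIZE) return -1;
        if (code == CODE_CLEAR) { lzw_reset(&s); oldcode = -1; continue; }
        if (code == CODE_EOI) break;
        if (hardened && code > s.free_entp) return -1;   /* check 1: no definition yet */

        if (oldcode != -1) {   /* define free_entp = string(oldcode) + first char of string(code) */
            if (s.free_entp >= CSIZE) return -1;
            unsigned char firstchar = (code == s.free_entp)
                ? s.table[oldcode].firstchar   /* KwKwK: the code being defined is used at once */
                : s.table[code].firstchar;     /* vulnerable path reads a zeroed entry here */
            entry_t *ne = &s.table[s.free_entp++];
            ne->next = &s.table[oldcode];
            ne->length = (unsigned short)(s.table[oldcode].length + 1);
            ne->value = firstchar;
            ne->firstchar = s.table[oldcode].firstchar;
        }

        entry_t *codep = &s.table[code];
        if (hardened && codep->length == 0) return -1;   /* check 2: never copy a length-0 entry */
        if (codep->length > occ - written) return -1;    /* forward overflow, checked in both modes */

        /* Strings are chained back-to-front, so copy from the end backwards. With
         * length == 0, tp starts at the write position and *--tp lands before it. */
        unsigned char *tp = op + written + codep->length;
        do {
            *--tp = codep->value;
            codep = codep->next;
        } while (codep);
        written += s.table[code].length;
        oldcode = code;
    }
    return (int)written;
}

/* Constructed stream for "ABABABA" (code 260 is used as it is defined). 1 on success. */
int demo_valid(void)
{
    static const int codes[] = { CODE_CLEAR, 'A', 'B', 258, 260, CODE_EOI };
    unsigned char out[16];
    int n = lzw_decode(codes, sizeof codes / sizeof codes[0], out, sizeof out, 1);
    return n == 7 && memcmp(out, "ABABABA", 7) == 0;
}

/* Constructed malicious stream: code 300 was never defined. A guard byte sits in
 * front of the output buffer so the underflow is observable without undefined
 * behaviour. Returns 1 if the guard was clobbered, 0 if intact, -1 if rejected. */
int demo_underflow(int hardened)
{
    static const int codes[] = { CODE_CLEAR, 300, CODE_EOI };
    unsigned char buf[1 + 16];
    memset(buf, 0xAA, sizeof buf);
    int rc = lzw_decode(codes, 3, buf + 1, sizeof buf - 1, hardened);
    if (buf[0] != 0xAA) return 1;
    return rc < 0 ? -1 : 0;
}

int main(void)
{
    printf("valid=%d vulnerable_guard_clobbered=%d hardened=%d\n",
           demo_valid(), demo_underflow(0), demo_underflow(1));
    return 0;
}
```

Both checks matter: the first catches a code that points past everything the table has defined, the second catches the case where the code is in range but the entry it names carries no string (the first code after a CLEAR, for instance). A decoder that only bounds the code against the table size, as the vulnerable path does, still reaches the copy loop with a zero-length entry.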

Impact:   A remote user can create a file that, when processed by the target application, will execute arbitrary code on the target system.
Solution:   Apple has released iLife Support 8.3.1, which fixes this vulnerability (together with CVE-2008-2332 and CVE-2008-3608, also in ImageIO's TIFF and JPEG handling) for iLife 8.0 and Aperture 2 on Mac OS X v10.4.9 through v10.4.11. Systems running Mac OS X v10.5.5 already include the fix and do not need this update.

iLife Support 8.3.1 is available via the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The download file is named: "iLifeSupport.dmg"
Its SHA-1 digest is: 2911f4608c3c69eb8056a5bf6d5186a4f403517d

Before installing a manually downloaded copy, compare its digest with the value above (for example with 'openssl sha1 iLifeSupport.dmg' on Mac OS X v10.4) and reject the file on any mismatch.

The Apple advisory is available at:

http://support.apple.com/kb/HT3276

Vendor URL:  support.apple.com/kb/HT3276
Cause:   Boundary error

Message History:   This archive entry is a follow-up to the message listed below.
Aug 26 2008 LibTIFF Buffer Underflow in Decoding LZW Data Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  APPLE-SA-2008-11-10 iLife Support 8.3.1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2008-11-10 iLife Support 8.3.1

iLife Support 8.3.1 is now available and addresses the following
security issues:

ImageIO
CVE-ID:  CVE-2008-2327
Available for:  iLife 8.0 or Aperture 2,
on Mac OS v10.4.9 through v10.4.11
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple uninitialized memory access issues exist in
libTIFF's handling of LZW-encoded TIFF images. Viewing a maliciously
crafted TIFF image may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue through
proper memory initialization and additional validation of TIFF
images. These issues are already addressed in systems running Mac OS
X v10.5.5. Credit: Apple.

ImageIO
CVE-ID:  CVE-2008-2332
Available for:  iLife 8.0 or Aperture 2,
on Mac OS v10.4.9 through v10.4.11
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in the handling of TIFF
images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved processing of TIFF
images. This issue is already addressed in systems running Mac OS X
v10.5.5. Credit to Robert Swiecki of Google Security Team for
reporting this issue.

ImageIO
CVE-ID:  CVE-2008-3608
Available for:  iLife 8.0 or Aperture 2,
on Mac OS v10.4.9 through v10.4.11
Impact:  Viewing a large maliciously crafted JPEG image may lead to
an unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in ImageIO's handling
of embedded ICC profiles in JPEG images. Viewing a large maliciously
crafted JPEG image may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue through
improved processing of ICC profiles. This issue is already addressed
in systems running Mac OS X v10.5.5. Credit: Apple.

iLife Support 8.3.1 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named: "iLifeSupport.dmg"
Its SHA-1 digest is: 2911f4608c3c69eb8056a5bf6d5186a4f403517d

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJJGJr6AAoJEHkodeiKZIkBPZcIAJIzbTPZeVCbe4wUKuOu26mW
ZlylDN5w109B12PWuwnJqbbGmiPIvf7Sp+ydEtTcxskeie8Vg/9Z+k+Z/LLmUsob
6Y8TGSQL9InCH1BxQqrhYcP7CJFhXwpnu4zqOYr5fzQURLyTqHoASQmm0SQb62lG
+xnEgMBcX7T82iqqnU08e79hN1VEYQf1Q5BQg+6urgDu5dbUifsHM/Etw8p8Wjle
c3n3kh/9wwvWExSD1E7ffrWUHdj79cZEw7RixomHK3KyoVt6VIg9mN1K4W51tcWH
V+IEBUuQfz40iedmtq1RsTISeA2+7AirS2Yr2p8ozcP46rNKLk0qAVje/NImfBY=
=/hZ6
-----END PGP SIGNATURE-----

Security-announce mailing list      (Security-announce@lists.apple.com)

Copyright 2021, SecurityGlobal.net LLC