CVE-2016-4629

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.11.6

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image. This is due to a buffer overflow in the ImageIO service.

Recommendations For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted EXR images that contain malicious xStride and yStride values until the update is applied.