PT-2017-1298 · Apple · Imageio+1

Juwei Lin

Published

2017-02-20

Updated

2017-07-29

CVE-2016-4671

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions macOS versions prior to 10.12.1

Description The issue involves the ImageIO component and allows remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF file. This is due to an out-of-bounds write and application crash. The exploitation of this issue can lead to the execution of arbitrary code or a denial of service.

Recommendations For macOS versions prior to 10.12.1, update to version 10.12.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the ImageIO component when handling PDF files from untrusted sources until a patch is applied.

Fix

Memory Corruption

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-125

Related Identifiers

BDU:2017-00420

CVE-2016-4671

Affected Products

Imageio

Apple Macos

PT-2017-1298 · Apple · Imageio+1

CVE-2016-4671

Weakness Enumeration

Related Identifiers

Affected Products

References · 6