CVE-2006-1552

Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://drunkenblog.com/drunkenblog-archives/000760.html
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html	Patch
http://secunia.com/advisories/20077	Patch Vendor Advisory
http://www.osvdb.org/25597
http://www.securityfocus.com/bid/17321
http://www.securityfocus.com/bid/17951
http://www.us-cert.gov/cas/techalerts/TA06-132A.html	Patch Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1779	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26412
http://drunkenblog.com/drunkenblog-archives/000760.html
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html	Patch
http://secunia.com/advisories/20077	Patch Vendor Advisory
http://www.osvdb.org/25597
http://www.securityfocus.com/bid/17321
http://www.securityfocus.com/bid/17951
http://www.us-cert.gov/cas/techalerts/TA06-132A.html	Patch Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1779	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26412

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari:1.0:::::::*
	cpe:2.3:a:apple:safari:1.1:::::::*
	cpe:2.3:a:apple:safari:1.2:::::::*
	cpe:2.3:a:apple:safari:1.2.1:::::::*
	cpe:2.3:a:apple:safari:1.2.2:::::::*
	cpe:2.3:a:apple:safari:1.2.3:::::::*
	cpe:2.3:a:apple:safari:1.3:::::::*
	cpe:2.3:a:apple:safari:2.0:::::::*
	cpe:2.3:a:apple:safari:2.0.1:::::::*
	cpe:2.3:a:apple:safari:2.0.2:::::::*
	cpe:2.3:a:apple:safari:2.0_pre:::::::*
	cpe:2.3:a:apple:safari:beta2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:apple:imageio::::::::
	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*

History

21 Nov 2024, 00:09

Type	Values Removed	Values Added
References	~~() http://drunkenblog.com/drunkenblog-archives/000760.html -~~	() http://drunkenblog.com/drunkenblog-archives/000760.html -
References	~~() http://lists.apple.com/archives/security-announce/2006/May/msg00003.html - Patch~~	() http://lists.apple.com/archives/security-announce/2006/May/msg00003.html - Patch
References	~~() http://secunia.com/advisories/20077 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/20077 - Patch, Vendor Advisory
References	~~() http://www.osvdb.org/25597 -~~	() http://www.osvdb.org/25597 -
References	~~() http://www.securityfocus.com/bid/17321 -~~	() http://www.securityfocus.com/bid/17321 -
References	~~() http://www.securityfocus.com/bid/17951 -~~	() http://www.securityfocus.com/bid/17951 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA06-132A.html - Patch, Third Party Advisory, US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA06-132A.html - Patch, Third Party Advisory, US Government Resource
References	~~() http://www.vupen.com/english/advisories/2006/1779 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2006/1779 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/26412 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/26412 -

Information

Published : 2006-03-31 11:06

Updated : 2024-11-21 00:09

NVD link : CVE-2006-1552

Mitre link : CVE-2006-1552

CVE.ORG link : CVE-2006-1552

JSON object : View

Products Affected

apple

mac_os_x
imageio
safari
mac_os_x_server

CWE

CWE-189

Numeric Errors

5.0 /10