Apple Mac OS X TIFFFetchAnyArray() denial of service

macosx-tifffetcharray-dos (27482). The risk level is classified as Low.

Description:

Multiple applications linked to the ImageIO parsing engine in Apple Mac OS X and Mac OS X Server are vulnerable to a denial of service, caused by improper parsing of TIFF image files by the TIFFFetchAnyArray() function. A remote attacker could exploit this vulnerability to cause the affected application to crash by creating a malicious TIFF image containing an invalid tag value, and persuading a potential victim to open the file.

Platforms Affected:

  • Apple, Mac OS X 10.3
  • Apple, Mac OS X 10.3.1
  • Apple, Mac OS X 10.3.2
  • Apple, Mac OS X 10.3.3
  • Apple, Mac OS X 10.3.4
  • Apple, Mac OS X 10.3.5
  • Apple, Mac OS X 10.3.6
  • Apple, Mac OS X 10.3.7
  • Apple, Mac OS X 10.3.8
  • Apple, Mac OS X 10.3.9
  • Apple, Mac OS X 10.4
  • Apple, Mac OS X 10.4.1
  • Apple, Mac OS X 10.4.10
  • Apple, Mac OS X 10.4.11
  • Apple, Mac OS X 10.4.2
  • Apple, Mac OS X 10.4.3
  • Apple, Mac OS X 10.4.4
  • Apple, Mac OS X 10.4.5
  • Apple, Mac OS X 10.4.6
  • Apple, Mac OS X 10.4.7
  • Apple, Mac OS X Server 10.3
  • Apple, Mac OS X Server 10.3.1
  • Apple, Mac OS X Server 10.3.2
  • Apple, Mac OS X Server 10.3.3
  • Apple, Mac OS X Server 10.3.4
  • Apple, Mac OS X Server 10.3.5
  • Apple, Mac OS X Server 10.3.6
  • Apple, Mac OS X Server 10.3.7
  • Apple, Mac OS X Server 10.3.8
  • Apple, Mac OS X Server 10.3.9
  • Apple, Mac OS X Server 10.4
  • Apple, Mac OS X Server 10.4.1
  • Apple, Mac OS X Server 10.4.10
  • Apple, Mac OS X Server 10.4.11
  • Apple, Mac OS X Server 10.4.2
  • Apple, Mac OS X Server 10.4.3
  • Apple, Mac OS X Server 10.4.4
  • Apple, Mac OS X Server 10.4.5
  • Apple, Mac OS X Server 10.4.6
  • Apple, Mac OS X Server 10.4.7

Remedy:

No remedy available as of June 27, 2009.

Consequences:

Denial of Service

References:

  • Security-Protocols Advisory June 29th, 2006, Apple OS X 10.4.7 .tiff "TIFFFetchAnyArray ()" DoS at http://www.security-protocols.com/sp-x31-advisory.php.
  • CVE-2006-3356: The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
  • VUPEN/ADV-2006-2606: Apple Mac OS X TIFFFetchAnyArray Image Handling Denial of Service Vulnerability

Reported:

Jun 29, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
