Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.4
Apple Mac OS X 10.4
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4.2
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| macos-imageio-jpeg-bo(26412) | |||
| ADV-2006-1779 | |||
| TA06-132A | |||
| 17951 | |||
| 17321 | |||
| APPLE-SA-2006-05-11 | |||
| http://drunkenblog.com/drunkenblog-archives/000760.html |