Apple Mac OS X ImageIO Component JP2 File Remote Heap Buffer Overflow Vulnerability

Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability because it fails to sufficiently validate user-supplied data to the 'ImageIO' component when viewing JP2 image files.

Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

The following are vulnerable:

Mac OS X 10.5.8
Mac OS X Server 10.5.8
Mac OS X 10.6 prior to 10.6.3
Mac OS X Server 10.6 prior to 10.6.3

NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus