CVE-2006-3502 - Vulnerability Details - OpenCVE

Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00783.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple Subscribe	Mac Os X Subscribe Mac Os X Server Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.7:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2006-3497	Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://secunia.com/advisories/21253
http://www.kb.cert.org/vuls/id/651844
http://www.osvdb.org/27741
http://www.securityfocus.com/bid/19289
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
http://www.vupen.com/english/advisories/2006/3101
https://exchange.xforce.ibmcloud.com/vulnerabilities/28144

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-03T01:00:00

Updated: 2024-08-07T18:30:34.219Z

Reserved: 2006-07-10T00:00:00

Link: CVE-2006-3502

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-08-03T01:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3502

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "APPLE-SA-2006-08-01", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"}, {"name": "ADV-2006-3101", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3101"}, {"name": "21253", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21253"}, {"name": "19289", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19289"}, {"name": "TA06-214A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"}, {"name": "macosx-imageio-gif-code-execution(28144)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144"}, {"name": "VU#651844", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/651844"}, {"name": "27741", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27741"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3502", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2006-08-01", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"}, {"name": "ADV-2006-3101", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3101"}, {"name": "21253", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21253"}, {"name": "19289", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19289"}, {"name": "TA06-214A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"}, {"name": "macosx-imageio-gif-code-execution(28144)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144"}, {"name": "VU#651844", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/651844"}, {"name": "27741", "refsource": "OSVDB", "url": "http://www.osvdb.org/27741"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:30:34.219Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2006-08-01", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"}, {"name": "ADV-2006-3101", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3101"}, {"name": "21253", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21253"}, {"name": "19289", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19289"}, {"name": "TA06-214A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"}, {"name": "macosx-imageio-gif-code-execution(28144)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144"}, {"name": "VU#651844", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/651844"}, {"name": "27741", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27741"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3502", "datePublished": "2006-08-03T01:00:00", "dateReserved": "2006-07-10T00:00:00", "dateUpdated": "2024-08-07T18:30:34.219Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "8AC9692A-CE81-446D-B136-449662C4B9A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled."}, {"lang": "es", "value": "Vulnerabilidad no especificada en ImageIO en Apple Mac OS X 10.4.7 permite a atacantes con la intervenci\u00f3n del usuario provocar denegaci\u00f3n de servicio (caida) y problemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s im\u00e1genes GIF manipuladas que disparan fallos de localizaci\u00f3n de memoria que es no es manejada adecuadamente.\r\n"}], "id": "CVE-2006-3502", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-08-03T01:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21253"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/651844"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27741"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19289"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3101"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/651844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}