NVD Vulnerability Detail

CVE-2006-1983

Summary	Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
Publication Date	April 22, 2006, 7:02 a.m.
Registration Date	Jan. 29, 2021, 3:36 p.m.
Last Update	July 20, 2017, 10:31 a.m.

CVSS2.0 : MEDIUM
Score	6.4
Vector	AV:N/AC:L/Au:N/C:N/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:apple:mac_os_x:10.3:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.1:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.2:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.3:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.4:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.5:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.6:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.7:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.8:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
cpe:2.3:o:apple:mac_os_x:10.4:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.1:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.2:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.3:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.4:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.5:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.6:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.7:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.8:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.6:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2006/May/msg00003.html	APPLE	Patch
2	http://secunia.com/advisories/19686	SECUNIA	Vendor Advisory
3	http://secunia.com/advisories/20077	SECUNIA	Patch Vendor Advisory
4	http://securitytracker.com/id?1016067	SECTRACK	Patch
5	http://www.osvdb.org/24821	OSVDB
6	http://www.osvdb.org/24822	OSVDB
7	http://www.securityfocus.com/bid/17634	BID	Exploit
8	http://www.securityfocus.com/bid/17951	BID
9	http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233	MISC	Exploit
10	http://www.security-protocols.com/sp-x28-advisory.php	MISC	Vendor Advisory
11	http://www.security-protocols.com/sp-x30-advisory.php	MISC	Vendor Advisory
12	http://www.us-cert.gov/cas/techalerts/TA06-132A.html	CERT	Patch Third Party Advisory US Government Resource
13	http://www.vupen.com/english/advisories/2006/1452	VUPEN	Vendor Advisory
14	http://www.vupen.com/english/advisories/2006/1779	VUPEN	Vendor Advisory
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/25949	XF
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/25951	XF

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:apple:mac_os_x:10.3:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.1:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.2:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.3:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.4:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.5:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.6:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.7:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.8:::::::*
cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
cpe:2.3:o:apple:mac_os_x:10.4:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.1:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.2:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.3:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.4:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.5:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.6:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.7:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.8:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*
cpe:2.3:o:apple:mac_os_x_server:10.4.6:::::::*