ID

VAR-200605-0019


CVE

CVE-2006-2277


TITLE

Apple Mac OS X ImageIO OpenEXR Image File Remote Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 17768 // CNNVD: CNNVD-200605-144

DESCRIPTION

Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file. ImageIO is susceptible to a remote denial-of-service vulnerability. This issue is due to a failure to properly process malicious OpenEXR image files. This issue allows remote users to crash applications that use the ImageIO API, denying further service to users.

Trust: 1.26

sources: NVD: CVE-2006-2277 // BID: 17768 // VULHUB: VHN-18385

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.4.2

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.5

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.6

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.4

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.1

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.3

Trust: 1.6

vendor: apple // model: safari rss pre-release // scope: eq // version: 2.0

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 2.0.2

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 2.0.1

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.3

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.2.3

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.2.2

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.2.1

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.2

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.1

Trust: 0.3

vendor: apple // model: safari // scope: eq // version: 1.0

Trust: 0.3

vendor: apple // model: safari beta // scope: eq // version: 2

Trust: 0.3

vendor: apple // model: mobile safari // scope: eq // version: 0

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.4.5

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.4.4

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.4.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.4.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.4.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.4.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.4.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.4.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.4.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.4.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.4

Trust: 0.3

sources: BID: 17768 // CNNVD: CNNVD-200605-144 // NVD: CVE-2006-2277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2277
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200605-144
value: MEDIUM

Trust: 0.6

VULHUB: VHN-18385
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-2277
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-18385
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-18385 // CNNVD: CNNVD-200605-144 // NVD: CVE-2006-2277

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2277

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-144

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200605-144

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-18385

EXTERNAL IDS

db: NVD // id: CVE-2006-2277

Trust: 2.0

db: BID // id: 17768

Trust: 2.0

db: OSVDB // id: 27780

Trust: 1.7

db: CNNVD // id: CNNVD-200605-144

Trust: 0.7

db: BUGTRAQ // id: 20060429 IMAGE FILE CRASHES FINDER, SAFARI AND OTHER APPS

Trust: 0.6

db: EXPLOIT-DB // id: 27790

Trust: 0.1

db: SEEBUG // id: SSVID-81382

Trust: 0.1

db: VULHUB // id: VHN-18385

Trust: 0.1

sources: VULHUB: VHN-18385 // BID: 17768 // CNNVD: CNNVD-200605-144 // NVD: CVE-2006-2277

REFERENCES

url:http://www.securityfocus.com/bid/17768

Trust: 1.7

url:http://www.osvdb.org/27780

Trust: 1.7

url:http://www.securityfocus.com/archive/1/432587/100/0/threaded

Trust: 1.1

url:https://github.com/openexr/openexr/issues/564

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/432587/100/0/threaded

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.openexr.com/

Trust: 0.3

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/432587

Trust: 0.3

sources: VULHUB: VHN-18385 // BID: 17768 // CNNVD: CNNVD-200605-144 // NVD: CVE-2006-2277

CREDITS

Discovery of this issue is credited to Christian <cmertes@techfak.uni-bielefeld.de>.

Trust: 0.9

sources: BID: 17768 // CNNVD: CNNVD-200605-144

SOURCES

db: VULHUB // id: VHN-18385
db: BID // id: 17768
db: CNNVD // id: CNNVD-200605-144
db: NVD // id: CVE-2006-2277

LAST UPDATE DATE

2024-08-14T14:08:34.873000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-18385 // date: 2018-10-18T00:00:00
db: BID // id: 17768 // date: 2016-07-06T14:40:00
db: CNNVD // id: CNNVD-200605-144 // date: 2007-08-13T00:00:00
db: NVD // id: CVE-2006-2277 // date: 2018-10-18T16:38:56.287

SOURCES RELEASE DATE

db: VULHUB // id: VHN-18385 // date: 2006-05-10T00:00:00
db: BID // id: 17768 // date: 2006-05-01T00:00:00
db: CNNVD // id: CNNVD-200605-144 // date: 2006-05-09T00:00:00
db: NVD // id: CVE-2006-2277 // date: 2006-05-10T02:14:00