Apple Mac OS X QuickDraw Manager Buffer Overflow in PICT Handling

Key Information Vulnerability Title: Apple Mac OS X QuickDraw Manager fails to properly handle corrupt PICT files Vulnerability ID: VU#529945 Release Date: 2005-09-27 Last Revised: 2005-09-27 Overview Apple Mac OS X QuickDraw Manager contains a buffer overflow that may allow a remote attacker to execute arbitrary code. Description Apple Mac OS X QuickDraw is a 2D graphics library. It is used by several applications, including Safari, Mail, and Finder. QuickDraw is used to render PICT images on Mac systems. QuickDraw Manager contains an unspecified buffer overflow in the handling of PICT images. Impact By convincing a user to view a specially crafted PICT image (e.g., contained within a web page or an HTML email message), an attacker could execute arbitrary code with the privileges of the user. The attacker could also cause the application using the QuickDraw library to crash. Solution Apply an update. Please see Apple Security Update 2005-008 for details on workarounds, fixes, and updates. Vendor Information Apple Computer, Inc. - Affected CVSS Metrics Base Score: Not specified in the screenshot References Apple Documentation Apple Developer Documentation Additional Apple Developer Documentation AUSCERT SecurityTracker SecurityFocus Secunia XForce CA Security Advisor Acknowledgments Thanks to Apple Product Security for reporting this vulnerability, who in turn credit Henrik Dalgaard of Echo One. Additional Information CVE ID: CVE-2005-2744 Severity Metric: 28.69 Public Disclosure Date: 2005-09-21 Initial Release Date: 2005-09-27 Last Updated: 2005-09-27 15:29 UTC Document Revision Version: 10

Goal Reached Thanks to every supporter — we hit 100%!

Apple Mac OS X QuickDraw Manager Buffer Overflow in PICT Handling