CVE-2014-4481 PoC — 多款Apple产品CoreGraphics 整数溢出漏洞

Source

Associated Vulnerability

Description

Apple CoreGraphics framework fails to validate the input when parsing CCITT group 3 encoded data resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input resulting in arbitrary code execution in the context of Mobile Safari.

Readme

CoreGraphics CCITT Memory Corruption - CVE-2014-4481
====================================================

Apple CoreGraphics framework fails to validate the input when parsing CCITT group 3 encoded data resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input resulting in arbitrary code execution in the context of Mobile Safari

Summary
========
* Title: Apple CoreGraphics Memory Corruption
* CVE Name: CVE-2014-4481
* Permalink: http://blog.binamuse.com/2015/01/coregraphics-ccitt-memory-corruption.html
* Date published: 2015-01-27
* Date of last update: 2015-01-27
* Class: Client side / Integer Overflow / Memory Corruption
* Advisory: HT204245

File Snapshot

 [4.0K]  /data/pocs/b8323fdc616af40cb33d2219fae33552539626f6
├── [132K]  AppleCoreGraphicsCCITTVuln.pdf
├── [4.0K]  cgi-bin
│   └── [  89]  crash.pdf
├── [ 652]  index.html
├── [3.9K]  miniPDF.py
├── [ 19K]  mkCrash.py
├── [ 722]  README.md
└── [ 622]  run.py

1 directory, 7 files

Remarks