Intrusion Prevention

Apple.macOS.ImageIO.GIF.Image.Integer.Overflow

Description

This indicates an attempt to exploit an integer overflow vulnerability in Apple Mac OS X.
The "gifGetBandProc" function in "ImageIO" in Apple Mac OS X has an integer overflow vulnerability. A remote attacker can execute arbitrary code on a vulnerable system via a crafted GIF image that triggers the overflow during decompression.

Affected Products

Apple Mac OS X version 10.3.9 and prior.
Apple Mac OS X Server version 10.3.9 and prior.
Apple Mac OS X version 10.4.8 and prior.
Apple Mac OS X Server version 10.4.8 and prior.

Impact

System compromise: remote code execution.

Recommended Actions

Apply the patch, available from the Apple Web site:
http://www.apple.com/support/downloads/

CVE References

CVE-2007-1071