cvelistv5 - cve-2016-4682

CVE-2016-4682 (GCVE-0-2016-4682)

Vulnerability from cvelistv5 – Published: 2017-02-20 08:35 – Updated: 2024-08-06 00:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://www.securitytracker.com/id/1037086	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/93852	vdb-entryx_refsource_BID
	https://support.apple.com/HT207275	x_refsource_CONFIRM
	https://support.apple.com/HT207170	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:39:25.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037086",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037086"
          },
          {
            "name": "93852",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93852"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207275"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207170"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "1037086",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037086"
        },
        {
          "name": "93852",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93852"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207275"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207170"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037086",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037086"
            },
            {
              "name": "93852",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93852"
            },
            {
              "name": "https://support.apple.com/HT207275",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207275"
            },
            {
              "name": "https://support.apple.com/HT207170",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207170"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-4682",
    "datePublished": "2017-02-20T08:35:00",
    "dateReserved": "2016-05-11T00:00:00",
    "dateUpdated": "2024-08-06T00:39:25.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.12.0\", \"matchCriteriaId\": \"4541211A-5DDA-4311-85C1-23C34295877A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \\\"ImageIO\\\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 est\\u00e1 afectado. macOS en versiones anteriores a 10.12.1 est\\u00e1 afectado. El problema involucra el componente \\\"ImageIO\\\". Esto permite a atacantes remotos obtener informaci\\u00f3n sensible o provocar una denegaci\\u00f3n de servicio (lectura fuera de l\\u00edmites y ca\\u00edda de la aplicaci\\u00f3n) a trav\\u00e9s de un archivo SGI manipulado.\"}]",
      "id": "CVE-2016-4682",
      "lastModified": "2024-11-21T02:52:45.710",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-02-20T08:59:00.900",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/93852\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037086\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT207170\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207275\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93852\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037086\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT207170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207275\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4682\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-02-20T08:59:00.900\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \\\"ImageIO\\\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 est\u00e1 afectado. macOS en versiones anteriores a 10.12.1 est\u00e1 afectado. El problema involucra el componente \\\"ImageIO\\\". Esto permite a atacantes remotos obtener informaci\u00f3n sensible o provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo SGI manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.12.0\",\"matchCriteriaId\":\"4541211A-5DDA-4311-85C1-23C34295877A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/93852\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037086\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207170\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207275\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2016-AVI-359

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Apple macOS Sierra versions antérieures à 10.12.1
Apple	N/A	Apple iOS versions antérieures à 10.1
Apple	N/A	Apple watchOS versions antérieures à 3.1
Apple	Safari	Apple Safari versions antérieures à 10.0.1
Apple	N/A	Apple tvOS versions antérieures à 10.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207270 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207269 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207271 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207272 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207275 du 24 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 10.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4678"
    },
    {
      "name": "CVE-2016-4680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4680"
    },
    {
      "name": "CVE-2016-7579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7579"
    },
    {
      "name": "CVE-2016-4675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4675"
    },
    {
      "name": "CVE-2016-4664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4664"
    },
    {
      "name": "CVE-2016-4663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4663"
    },
    {
      "name": "CVE-2016-4613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4613"
    },
    {
      "name": "CVE-2016-4660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4660"
    },
    {
      "name": "CVE-2016-4666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4666"
    },
    {
      "name": "CVE-2016-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4674"
    },
    {
      "name": "CVE-2016-4662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4662"
    },
    {
      "name": "CVE-2016-4679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4679"
    },
    {
      "name": "CVE-2016-4661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4661"
    },
    {
      "name": "CVE-2016-4667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4667"
    },
    {
      "name": "CVE-2016-4665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4665"
    },
    {
      "name": "CVE-2016-4677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4677"
    },
    {
      "name": "CVE-2016-4670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4670"
    },
    {
      "name": "CVE-2016-4671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4671"
    },
    {
      "name": "CVE-2016-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4673"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4669"
    },
    {
      "name": "CVE-2016-4682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4682"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-359",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207270 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207269 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207269"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207271 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207271"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207272 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207272"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207275 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207275"
    }
  ]
}

CERTFR-2016-AVI-359

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Apple macOS Sierra versions antérieures à 10.12.1
Apple	N/A	Apple iOS versions antérieures à 10.1
Apple	N/A	Apple watchOS versions antérieures à 3.1
Apple	Safari	Apple Safari versions antérieures à 10.0.1
Apple	N/A	Apple tvOS versions antérieures à 10.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207270 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207269 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207271 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207272 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207275 du 24 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 10.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4678"
    },
    {
      "name": "CVE-2016-4680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4680"
    },
    {
      "name": "CVE-2016-7579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7579"
    },
    {
      "name": "CVE-2016-4675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4675"
    },
    {
      "name": "CVE-2016-4664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4664"
    },
    {
      "name": "CVE-2016-4663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4663"
    },
    {
      "name": "CVE-2016-4613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4613"
    },
    {
      "name": "CVE-2016-4660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4660"
    },
    {
      "name": "CVE-2016-4666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4666"
    },
    {
      "name": "CVE-2016-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4674"
    },
    {
      "name": "CVE-2016-4662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4662"
    },
    {
      "name": "CVE-2016-4679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4679"
    },
    {
      "name": "CVE-2016-4661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4661"
    },
    {
      "name": "CVE-2016-4667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4667"
    },
    {
      "name": "CVE-2016-4665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4665"
    },
    {
      "name": "CVE-2016-4677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4677"
    },
    {
      "name": "CVE-2016-4670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4670"
    },
    {
      "name": "CVE-2016-4671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4671"
    },
    {
      "name": "CVE-2016-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4673"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4669"
    },
    {
      "name": "CVE-2016-4682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4682"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-359",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207270 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207269 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207269"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207271 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207271"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207272 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207272"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207275 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207275"
    }
  ]
}

VAR-201702-0341

Vulnerability from variot - Updated: 2023-12-18 11:50

An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. ImageIO is one of the static methods used to perform common image I/O operations. Attackers can use malicious images to exploit this vulnerability to cause process memory leaks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1

macOS Sierra 10.12.1 is now available and addresses the following:

AppleGraphicsControl Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved lock state checking. CVE-2016-4662: Apple

AppleSMC Available for: macOS Sierra 10.12 Impact: A local user may be able to elevate privileges Description: A null pointer dereference was addressed through improved locking. CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day Initiative

ATS Available for: macOS Sierra 10.12 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4667: Simmon Huang of alipay, Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic

ATS Available for: macOS Sierra 10.12 Impact: A local user may be able to execute arbitrary code with additional privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team

CFNetwork Proxies Available for: macOS Sierra 10.12 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts. CVE-2016-7579: Jerry Decime

CoreGraphics Available for: macOS Sierra 10.12 Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

FaceTime Available for: macOS Sierra 10.12 Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com

FontParser Available for: macOS Sierra 10.12 Impact: Parsing a maliciously crafted font may disclose sensitive user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab

ImageIO Available for: OS X El Capitan v10.11.6 Impact: Parsing a maliciously crafted PDF may lead to arbitrary code execution Description: An out-of-bounds write was addressed through improved bounds checking. CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin (@fuzzerDOTcn)

ImageIO Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: Processing a maliciously crafted image may result in the disclosure of process memory Description: An out-of-bounds read issue existed in the SGI image parsing. This issue was addressed through improved bounds checking. CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab

libarchive Available for: macOS Sierra 10.12 Impact: A malicious archive may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-2016-4679: Omer Medan of enSilo Ltd

libxpc Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12 Impact: An application may be able to execute arbitrary code with root privileges Description: A logic issue was addressed through additional restrictions. CVE-2016-4675: Ian Beer of Google Project Zero

ntfs Available for: macOS Sierra 10.12 Impact: An application may be able to cause a denial of service Description: An issue existed in the parsing of disk images. This issue was addressed through improved validation. CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office for Information Security)

NVIDIA Graphics Drivers Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: An application may be able to cause a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4663: Apple

System Boot Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12 Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation. CVE-2016-4669: Ian Beer of Google Project Zero

macOS Sierra 10.12.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYDlRWAAoJEIOj74w0bLRGFnYP/iy1NY+HgMgJd4OeOakX4sGP 8utQ55plu7WdQ3imNdcP1NYm+tuqFLxSDm7qJMA4zsAakxdUAGWEWYjRmJ9IxTep Gil1qjXZHksX/7lF+VzoMcsAC4CE0yFnaFAw0gHdhQFZyzYryPVsryue56WX5DAD 4/MJUK85U1P2YRDkMW8Mt4TrOW0kgpohpZIFsWKmBocZ4Q/GLybQLzip7mv9w4/K k8L+m9oHUr+Bh7Et+OoM+4oTBC2pIwdb9U5edTHqIMpXp15jScTXbQ/pz+ngjZ6E wUDa8hZC30m6SWSJtFUMZ5+6Gedcafcn/kegRPeFwitQ13EnLOVeGekp25ROsnF1 NwXiDDYuUxTg8ecW6YJm1OktO035nUg3Rjnonx3km2FNDiFgakK78p622B/eJwOA WbD6ahu8qAFTf14pCe7WJVvQz4vnjwiwTQxOTxVgiLfAdFHNm9IpxazwEeW8sN+G cjvoi5VTWL8FiHfUITnJrzeclitgke67vhOs6Ju5+nYiKrUf74NoNnFBPMjD4Qa1 GfvjZ2LWUVBLBahWUl2Nhlr4EWECqF3AEZhBRmcvcHnspcN3f9BBD/kktvpqTAV9 J5TqpiRr2qhrQEV8WLt/GvZSf7hjnSMPUZS4pi27ZKSugkTQsHJs4eWE6awQUgrV E0naX6k6U0S+vJiI0JU7 =eHH+ -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0341",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.12.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.12.0"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93852"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4682"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Recurity Labs on behalf of BSI (German Federal Office for Information Security), Simmon Huang of alipay, Thelongestusernameofall@gmail.com, Moony Li of TrendMicro, @Flyic, Ke Liu of Tencent\u0027s Xuanwu Lab, Juwei Lin (@fuzzerDOTcn), Shrek_wzw of Qihoo 360 Ni",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-4682",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4682",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-93501",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4682",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4682",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-710",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-93501",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93501"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, gain  sensitive information, cause denial-of-service conditions, bypass  security restrictions, gain elevated privileges and perform unauthorized  actions. This may aid in other attacks. ImageIO is one of the static methods used to perform common image I/O operations. Attackers can use malicious images to exploit this vulnerability to cause process memory leaks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-10-24-2 macOS Sierra 10.12.1\n\nmacOS Sierra 10.12.1 is now available and addresses the following:\n\nAppleGraphicsControl\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nlock state checking. \nCVE-2016-4662: Apple\n\nAppleSMC\nAvailable for:  macOS Sierra 10.12\nImpact: A local user may be able to elevate privileges\nDescription: A null pointer dereference was addressed through\nimproved locking. \nCVE-2016-4678: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nATS\nAvailable for:  macOS Sierra 10.12\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4667: Simmon Huang of alipay,\nThelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic\n\nATS\nAvailable for:  macOS Sierra 10.12\nImpact: A local user may be able to execute arbitrary code with\nadditional privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team\n\nCFNetwork Proxies\nAvailable for:  macOS Sierra 10.12\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: A phishing issue existed in the handling of proxy\ncredentials. This issue was addressed by removing unsolicited proxy\npassword authentication prompts. \nCVE-2016-7579: Jerry Decime\n\nCoreGraphics\nAvailable for:  macOS Sierra 10.12\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),\nTencent\n\nFaceTime\nAvailable for:  macOS Sierra 10.12\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com\n\nFontParser\nAvailable for:  macOS Sierra 10.12\nImpact: Parsing a maliciously crafted font may disclose sensitive\nuser information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4660: Ke Liu of Tencent\u0027s Xuanwu Lab\n\nImageIO\nAvailable for:  OS X El Capitan v10.11.6\nImpact: Parsing a maliciously crafted PDF may lead to arbitrary code\nexecution\nDescription: An out-of-bounds write was addressed through improved\nbounds checking. \nCVE-2016-4671: Ke Liu of Tencent\u0027s Xuanwu Lab, Juwei Lin\n(@fuzzerDOTcn)\n\nImageIO\nAvailable for:  OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: Processing a maliciously crafted image may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read issue existed in the SGI image\nparsing. This issue was addressed through improved bounds checking. \nCVE-2016-4682: Ke Liu of Tencent\u0027s Xuanwu Lab\n\nlibarchive\nAvailable for:  macOS Sierra 10.12\nImpact: A malicious archive may be able to overwrite arbitrary files\nDescription: An issue existed within the path validation logic for\nsymlinks. This issue was addressed through improved path\nsanitization. \nCVE-2016-4679: Omer Medan of enSilo Ltd\n\nlibxpc\nAvailable for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: A logic issue was addressed through additional\nrestrictions. \nCVE-2016-4675: Ian Beer of Google Project Zero\n\nntfs\nAvailable for:  macOS Sierra 10.12\nImpact: An application may be able to cause a denial of service\nDescription: An issue existed in the parsing of disk images. This\nissue was addressed through improved validation. \nCVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office\nfor Information Security)\n\nNVIDIA Graphics Drivers\nAvailable for:  OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: An application may be able to cause a denial of service\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-4663: Apple\n\nSystem Boot\nAvailable for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed through improved\nvalidation. \nCVE-2016-4669: Ian Beer of Google Project Zero\n\nmacOS Sierra 10.12.1 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYDlRWAAoJEIOj74w0bLRGFnYP/iy1NY+HgMgJd4OeOakX4sGP\n8utQ55plu7WdQ3imNdcP1NYm+tuqFLxSDm7qJMA4zsAakxdUAGWEWYjRmJ9IxTep\nGil1qjXZHksX/7lF+VzoMcsAC4CE0yFnaFAw0gHdhQFZyzYryPVsryue56WX5DAD\n4/MJUK85U1P2YRDkMW8Mt4TrOW0kgpohpZIFsWKmBocZ4Q/GLybQLzip7mv9w4/K\nk8L+m9oHUr+Bh7Et+OoM+4oTBC2pIwdb9U5edTHqIMpXp15jScTXbQ/pz+ngjZ6E\nwUDa8hZC30m6SWSJtFUMZ5+6Gedcafcn/kegRPeFwitQ13EnLOVeGekp25ROsnF1\nNwXiDDYuUxTg8ecW6YJm1OktO035nUg3Rjnonx3km2FNDiFgakK78p622B/eJwOA\nWbD6ahu8qAFTf14pCe7WJVvQz4vnjwiwTQxOTxVgiLfAdFHNm9IpxazwEeW8sN+G\ncjvoi5VTWL8FiHfUITnJrzeclitgke67vhOs6Ju5+nYiKrUf74NoNnFBPMjD4Qa1\nGfvjZ2LWUVBLBahWUl2Nhlr4EWECqF3AEZhBRmcvcHnspcN3f9BBD/kktvpqTAV9\nJ5TqpiRr2qhrQEV8WLt/GvZSf7hjnSMPUZS4pi27ZKSugkTQsHJs4eWE6awQUgrV\nE0naX6k6U0S+vJiI0JU7\n=eHH+\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4682"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "db": "BID",
        "id": "93852"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93501"
      },
      {
        "db": "PACKETSTORM",
        "id": "139320"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4682",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "93852",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1037086",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU90743185",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-16-589",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-93501",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139320",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93501"
      },
      {
        "db": "BID",
        "id": "93852"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ]
  },
  "id": "VAR-201702-0341",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93501"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:50:53.672000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1",
        "trust": 0.8,
        "url": "https://lists.apple.com/archives/security-announce/2016/oct/msg00001.html"
      },
      {
        "title": "HT207275",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207275"
      },
      {
        "title": "HT207275",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207275"
      },
      {
        "title": "Apple macOS Sierra ImageIO Repair measures for border read vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65073"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93501"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4682"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/93852"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207170"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207275"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037086"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4682"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90743185/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4682"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-ie/ht207275"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-16-589/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4682"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4678"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4667"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4669"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4660"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4635"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4674"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4679"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7579"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4663"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4673"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93501"
      },
      {
        "db": "BID",
        "id": "93852"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-93501"
      },
      {
        "db": "BID",
        "id": "93852"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4682"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93501"
      },
      {
        "date": "2016-10-24T00:00:00",
        "db": "BID",
        "id": "93852"
      },
      {
        "date": "2017-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "date": "2016-10-24T21:46:59",
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "date": "2017-02-20T08:59:00.900000",
        "db": "NVD",
        "id": "CVE-2016-4682"
      },
      {
        "date": "2016-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93501"
      },
      {
        "date": "2016-11-24T01:08:00",
        "db": "BID",
        "id": "93852"
      },
      {
        "date": "2017-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      },
      {
        "date": "2017-07-29T01:34:09.163000",
        "db": "NVD",
        "id": "CVE-2016-4682"
      },
      {
        "date": "2017-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X of  ImageIO Vulnerabilities that can capture important information in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007369"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-710"
      }
    ],
    "trust": 0.6
  }
}

GHSA-VWMR-RVGR-Q928

Vulnerability from github – Published: 2022-05-17 02:23 – Updated: 2022-05-17 02:23

Details

Severity ?

7.1 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-20T08:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.",
  "id": "GHSA-vwmr-rvgr-q928",
  "modified": "2022-05-17T02:23:36Z",
  "published": "2022-05-17T02:23:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4682"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207170"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207275"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93852"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037086"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-4682

Vulnerability from fkie_nvd - Published: 2017-02-20 08:59 - Updated: 2025-04-20 01:37

Severity ?

7.1 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Summary

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/bid/93852	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1037086
product-security@apple.com	https://support.apple.com/HT207170	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207275	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93852	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037086
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207170	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207275	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4541211A-5DDA-4311-85C1-23C34295877A",
              "versionEndIncluding": "10.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 est\u00e1 afectado. macOS en versiones anteriores a 10.12.1 est\u00e1 afectado. El problema involucra el componente \"ImageIO\". Esto permite a atacantes remotos obtener informaci\u00f3n sensible o provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo SGI manipulado."
    }
  ],
  "id": "CVE-2016-4682",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-20T08:59:00.900",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93852"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1037086"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207170"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207275"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-4682

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-4682

Aliases

CVE-2016-4682

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4682",
    "description": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.",
    "id": "GSD-2016-4682"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4682"
      ],
      "details": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.",
      "id": "GSD-2016-4682",
      "modified": "2023-12-13T01:21:18.922108Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-4682",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1037086",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037086"
          },
          {
            "name": "93852",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93852"
          },
          {
            "name": "https://support.apple.com/HT207275",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207275"
          },
          {
            "name": "https://support.apple.com/HT207170",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207170"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4682"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207275",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207275"
            },
            {
              "name": "https://support.apple.com/HT207170",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207170"
            },
            {
              "name": "93852",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93852"
            },
            {
              "name": "1037086",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037086"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2017-07-29T01:34Z",
      "publishedDate": "2017-02-20T08:59Z"
    }
  }
}

CNVD-2016-10378

Vulnerability from cnvd - Published: 2016-10-31

Title

Apple macOS Sierra ImageIO越边界读取漏洞

Description

Apple macOS Sierra是美国苹果（Apple）公司为Mac计算机所开发的一套专用操作系统。ImageIO是其中的一个用来执行常见的图像I/O操作的静态方法。 Apple macOS Sierra ImageIO中的SGI图像解析存在越边界读取漏洞。攻击者可借助恶意的图像利用该漏洞造成进程内存泄露。

Severity

中

Patch Name

Apple macOS Sierra ImageIO越边界读取漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.apple.com/en-ie/HT207275

Reference

https://support.apple.com/en-ie/HT207275

Impacted products

Name
['Apple Mac OS X 10.11.6', 'Apple Mac OS X 10.11.3', 'Apple Mac OS X 10.11.2', 'Apple Mac OS X 10.11.1', 'Apple Mac OS X 10.10.5', 'Apple Mac OS X 10.11.5', 'Apple Mac OS X 10.11.4', 'Apple Mac OS X 10.11', 'Apple MacOS 10.12']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93852"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4682"
    }
  },
  "description": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002ImageIO\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u6765\u6267\u884c\u5e38\u89c1\u7684\u56fe\u50cfI/O\u64cd\u4f5c\u7684\u9759\u6001\u65b9\u6cd5\u3002\r\n\r\nApple macOS Sierra ImageIO\u4e2d\u7684SGI\u56fe\u50cf\u89e3\u6790\u5b58\u5728\u8d8a\u8fb9\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u56fe\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8fdb\u7a0b\u5185\u5b58\u6cc4\u9732\u3002",
  "discovererName": "Ke Liu of Tencent\u0027s Xuanwu Lab",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-ie/HT207275",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10378",
  "openTime": "2016-10-31",
  "patchDescription": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002ImageIO\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u6765\u6267\u884c\u5e38\u89c1\u7684\u56fe\u50cfI/O\u64cd\u4f5c\u7684\u9759\u6001\u65b9\u6cd5\u3002\r\n\r\nApple macOS Sierra ImageIO\u4e2d\u7684SGI\u56fe\u50cf\u89e3\u6790\u5b58\u5728\u8d8a\u8fb9\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u56fe\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8fdb\u7a0b\u5185\u5b58\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Sierra ImageIO\u8d8a\u8fb9\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple Mac OS X 10.11.6",
      "Apple Mac OS X  10.11.3",
      "Apple Mac OS X  10.11.2",
      "Apple Mac OS X  10.11.1",
      "Apple Mac OS X  10.10.5",
      "Apple Mac OS X  10.11.5",
      "Apple Mac OS X  10.11.4",
      "Apple Mac OS X  10.11",
      "Apple MacOS 10.12"
    ]
  },
  "referenceLink": "https://support.apple.com/en-ie/HT207275",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-27",
  "title": "Apple macOS Sierra ImageIO\u8d8a\u8fb9\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4682 (GCVE-0-2016-4682)

CERTFR-2016-AVI-359

Solution

CERTFR-2016-AVI-359

Solution

VAR-201702-0341

GHSA-VWMR-RVGR-Q928

FKIE_CVE-2016-4682

GSD-2016-4682

CNVD-2016-10378

Tags

Sightings

Nomenclature