CVE-2007-1071
published 2007-02-22

Priority: P343 · high · 7.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 18.24% (96.9th percentile)

Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.

Affected

2 ranges
Vendor   Product            Version range   Fixed in
apple    mac_os_x
apple    mac_os_x_server

Detection & IOCs (extracted from sources)

url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29620-1.gif
url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29620-2.gif
  • Crash occurs in gifGetBandProc() within ImageIO during GIF decompression; monitor for EXC_BAD_ACCESS / KERN_INVALID_ADDRESS signals originating from this function on Mac OS X 10.4.8.
  • The exploit is triggered via Safari rendering a malformed GIF; the call stack passes through WebImageData imageAtIndex: → CGImagePlusCreateImage → CGImagePlusUpdateCache → gifGetBandProc. Detect anomalous Safari crashes involving this call chain.
  • Delivery vector is a specially crafted .gif file served to Safari; inspect HTTP responses delivering GIF content to Mac OS X 10.4.8 clients for malformed GIF data that triggers integer overflow in gifGetBandProc during decompression.
  • Vulnerability is confirmed only on Mac OS X 10.4.8; previous versions may also be affected but are unconfirmed.
  • Arbitrary code execution via this overflow has not been confirmed; denial-of-service (segfault/crash) is the demonstrated impact.
  • This is a distinct issue from CVE-2006-3502 and CVE-2006-3503 despite involving the same ImageIO GIF handling subsystem.

CVSS provenance

nvd · v2.0 · 7.8 HIGH · AV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat · 5.0 MEDIUM