Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1071Apple MAC OS X vulnerability

4 documents4 sources
Severity
7.8HIGHNVD
EPSS
50.7%
top 2.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedFeb 22
Latest updateMay 1

Description

Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDapple/mac_os_x10.4.8

🔴Vulnerability Details

1
GHSA
GHSA-q5qp-74pm-f7qq: Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 102022-05-01

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.8 - ImageIO GIF Image Integer Overflow2007-02-20

📋Vendor Advisories

1
Red Hat
glibc: fnmatch() alloca()-based memory corruption flaw2010-08-05
CVE-2007-1071 — Apple MAC OS X vulnerability | cvebase