CVE-2011-0200 — Insecure Temporary File in Apple MAC OS X

CWE-189 CWE-377 — Insecure Temporary File7 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

4.5%

top 10.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedJun 24

Latest updateMay 17

Description

Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/mac_os_x8 versions+7

▶NVDapple/mac_os_x_server8 versions+7

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-6c88-gv2x-2fhc: Integer overflow in ColorSync in Apple Mac OS X before 10↗2022-05-17

▶

CVEList

CVE-2011-0200: Integer overflow in ColorSync in Apple Mac OS X before 10↗2011-06-24

▶

📋Vendor Advisories

Red Hat

hplip: insecure temporary file handling flaws↗2013-02-21

▶

💬Community

Bugzilla

CVE-2013-0200 hplip: insecure temporary file handling flaws↗2013-01-21

▶

Bugzilla

CVE-2006-1168 busybox: uncompress buffer underflow↗2011-08-05

▶