Re: Today's OS X Security Update & ColorSync

• Subject: Re: Today's OS X Security Update & ColorSync
• From: Tom Beckenham <email@hidden>
• Date: Wed, 26 Jan 2005 11:42:48 +1100
• Delivered-to: email@hidden
• Delivered-to: email@hidden
• User-agent: Microsoft-Entourage/11.1.0.040913

>From http://docs.info.apple.com/article.html?artnum=300770

Component: ColorSync
 Available for: Mac OS X v10.3.7, Mac OS X Server v10.3.7, Mac OS X v10.2.8,
Mac OS X Server v10.2.8
 CVE-ID: CAN-2005-0126
 Impact: Malformed ICC color profiles could overwrite the program heap,
resulting in arbitrary code execution.
 Description: An out-of-specification or improperly embedded ICC color
profile could overwrite the program heap and allow arbitrary code execution.
There are no known exploits for this issue. With this update, ColorSync will
reject incorrectly-formed ICC color profiles.




On 26/1/05 11:35 AM, "Gary Smith" <email@hidden> wrote:

> Does anyone have any info about today's Security Update for OS X
> 10.3.7 & 10.2.8? I'm curious as to what the vulnerability that
> involved ColorSync was (is).
> 
> Gary Smith
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Colorsync-users mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/colorsync-users/tbeckenham%40quickcut.c
> om.au
> 
> This email sent to email@hidden


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Colorsync-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/colorsync-users/email@hidden

This email sent to email@hidden

• Prev by Date: Re: Today's OS X Security Update & ColorSync
• Next by Date: OT-parts
• Previous by thread: Re: Today's OS X Security Update & ColorSync
• Next by thread: OT-parts
• Index(es):
  • Date
  • Thread