ID

VAR-201103-0271


CVE

CVE-2011-0170


TITLE

Multiple Apple Products ImageIO Heap-based Buffer Overflow Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-001350

DESCRIPTION

Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.

Apple iTunes is prone to a heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. This issue affects Apple Inc.'s CoreGraphics library. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Apple iTunes 10.2 are vulnerable.

Apple iTunes is a set of media player applications from Apple, mainly used for playing and managing digital music and video files. There is a heap buffer overflow vulnerability in the implementation.

iDefense Security Advisory 03.02.11
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 02, 2011

I. BACKGROUND

Apple's CoreGraphics library is an API used to create and manipulate graphical elements. This API is used by many Apple applications, including the Safari browser on both Windows and Mac OS X.

II.

This vulnerability occurs during the processing of an embedded International Color Consortium (ICC) profile within a JPEG image. A small block of heap memory may be allocated for processing certain profile data. An index value is used to reference locations within this heap block. The index value can be manipulated in a manner that results in multiple memory writes to locations outside the bounds of the heap allocated block. This condition may lead to arbitrary code execution.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the JPEG image. To exploit this vulnerability, a targeted user must load a malicious JPEG image. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious Web page, no further user interaction is needed.

IV.

V. WORKAROUND

iDefense is currently unaware of an effective workaround for this vulnerability, as it is not possible to disable the CoreGraphics Framework without major functionality loss.

VI. VENDOR RESPONSE

Apple Inc. has released patches which address this issue. For more information, consult their advisory at the following URL: http://support.apple.com/kb/HT4554

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2011-0170 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

08/11/2010 Initial Vendor Notification
08/11/2010 Initial Vendor Reply
03/02/2011 Coordinated Public Disclosure

IX. CREDIT

This vulnerability was discovered by Andrzej Dyjak.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2011 Verisign

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Trust: 2.07

sources: NVD: CVE-2011-0170 // JVNDB: JVNDB-2011-001350 // BID: 46659 // VULHUB: VHN-48115 // PACKETSTORM: 98882

AFFECTED PRODUCTS

vendor: apple | model: itunes | scope: eq | version: 9.0.1

Trust: 1.9

vendor: apple | model: itunes | scope: eq | version: 9.0.2

Trust: 1.9

vendor: apple | model: itunes | scope: eq | version: 10.1

Trust: 1.9

vendor: apple | model: itunes | scope: eq | version: 9.2.1

Trust: 1.9

vendor: apple | model: itunes | scope: eq | version: 9.2

Trust: 1.9

vendor: apple | model: itunes | scope: eq | version: 10.0.1

Trust: 1.6

vendor: apple | model: itunes | scope: eq | version: 10.1.1

Trust: 1.6

vendor: apple | model: itunes | scope: eq | version: 10.0

Trust: 1.6

vendor: apple | model: itunes | scope: eq | version: 9.0.3

Trust: 1.6

vendor: apple | model: itunes | scope: eq | version: 7.0.2

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 4.6

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 7.4

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 5.0

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 8.2

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 6.0.4

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 4.5

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 7.3.1

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 4.7.1

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 6.0.3

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 8.1

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 6.0.5

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 6.0.1

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 7.3.2

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 4.7

Trust: 1.3

vendor: apple | model: itunes | scope: eq | version: 10

Trust: 1.1

vendor: apple | model: itunes | scope: eq | version: 7.6

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 5.0.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 8.0.2

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.7.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.5.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.6.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.2.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.8.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 6.0.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.1.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.4.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.7.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.0.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.7.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 5.0.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.3.0

Trust: 1.0

vendor: apple | model: itunes | scope: lte | version: 10.1.2

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.1.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 8.1.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.0.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 6.0.4.2

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.2.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.7

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.0.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.6.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.7.2

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.6.2

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 8.2.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.4.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 9.0.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.0.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.9.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.4.3

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.4.2

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 8.0.1

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.1.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.6.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 8.0.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 4.5.0

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 7.5

Trust: 1.0

vendor: apple | model: itunes | scope: eq | version: 6.0.2

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: v10.5.8

Trust: 0.8

vendor: apple | model: mac os x server | scope: eq | version: v10.5.8

Trust: 0.8

vendor: apple | model: safari | scope: eq | version: 5

Trust: 0.8

vendor: apple | model: itunes | scope: eq | version: 10.1.2

Trust: 0.6

vendor: apple | model: safari | scope: ne | version: 5.0.4

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 8.0.2.20

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 5.0.1

Trust: 0.3

vendor: apple | model: safari for windows | scope: ne | version: 5.0.4

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 5.0.1

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.6

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 9.0.1.8

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 8.0

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.6

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.3

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.0.1

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.1.1

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.1

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5.7

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.4

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.2

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.5

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.1

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.4

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.1.2

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 4.1.2

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 4.0.2

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.0.4

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 6.0

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 5.0

Trust: 0.3

vendor: esignal | model: esignal | scope: eq | version: 6.0.2

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.1

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 5.0

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5.8

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.5

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 7.3

Trust: 0.3

vendor: apple | model: itunes | scope: ne | version: 10.2

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 5.0.2

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.2

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 5.0.2

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.0.5

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.3

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5.6

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5.3

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 9.1

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 4.0.4

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5.4

Trust: 0.3

vendor: apple | model: safari beta | scope: eq | version: 4

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.2

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5.1

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.7

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 4.8

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.1.3

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.5

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.4

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 4.1.3

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 4.0.5

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.1

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 5.0.3

Trust: 0.3

vendor: apple | model: safari beta | scope: eq | version: 4.0

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.0

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 5.0.3

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5.5

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.0.3

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.8

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 4.2.72

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 4.0.3

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.5.2

Trust: 0.3

vendor: apple | model: itunes | scope: eq | version: 9.0

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4

Trust: 0.3

vendor: apple | model: safari for windows | scope: eq | version: 4

Trust: 0.3

vendor: apple | model: mac os server | scope: ne | version: x10.6.7

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 4.0.2

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.3

Trust: 0.3

sources: BID: 46659 // JVNDB: JVNDB-2011-001350 // CNNVD: CNNVD-201103-110 // NVD: CVE-2011-0170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0170
value: HIGH

Trust: 1.0

NVD: CVE-2011-0170
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201103-110
value: CRITICAL

Trust: 0.6

VULHUB: VHN-48115
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-0170
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-48115
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-48115 // JVNDB: JVNDB-2011-001350 // CNNVD: CNNVD-201103-110 // NVD: CVE-2011-0170

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-48115 // JVNDB: JVNDB-2011-001350 // NVD: CVE-2011-0170

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 98882 // CNNVD: CNNVD-201103-110

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201103-110

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001350

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-48115

PATCH

title: HT4554 | url: http://support.apple.com/kb/HT4554

Trust: 0.8

title: HT4566 | url: http://support.apple.com/kb/HT4566

Trust: 0.8

title: HT4581 | url: http://support.apple.com/kb/HT4581

Trust: 0.8

title: HT4554 | url: http://support.apple.com/kb/HT4554?viewlocale=ja_JP

Trust: 0.8

title: HT4566 | url: http://support.apple.com/kb/HT4566?viewlocale=ja_JP

Trust: 0.8

title: HT4581 | url: http://support.apple.com/kb/HT4581?viewlocale=ja_JP

Trust: 0.8

title: iTunes 10.2 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39588

Trust: 0.6

title: iTunes 10.2 for Windows (64 bit) | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39587

Trust: 0.6

sources: JVNDB: JVNDB-2011-001350 // CNNVD: CNNVD-201103-110

EXTERNAL IDS

db: NVD | id: CVE-2011-0170

Trust: 2.9

db: JVNDB | id: JVNDB-2011-001350

Trust: 0.8

db: CNNVD | id: CNNVD-201103-110

Trust: 0.7

db: IDEFENSE | id: 20110302 APPLE COREGRAPHICS LIBRARY HEAP MEMORY CORRUPTION VULNERABILITY

Trust: 0.6

db: APPLE | id: APPLE-SA-2011-03-02-1

Trust: 0.6

db: BID | id: 46659

Trust: 0.4

db: PACKETSTORM | id: 98882

Trust: 0.2

db: VULHUB | id: VHN-48115

Trust: 0.1

sources: VULHUB: VHN-48115 // BID: 46659 // JVNDB: JVNDB-2011-001350 // PACKETSTORM: 98882 // CNNVD: CNNVD-201103-110 // NVD: CVE-2011-0170

REFERENCES

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=897

Trust: 2.0

url:http://support.apple.com/kb/ht4554

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2011/mar/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2011//mar/msg00004.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2011/mar/msg00006.html

Trust: 1.1

url:http://support.apple.com/kb/ht4566

Trust: 1.1

url:http://support.apple.com/kb/ht4581

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17367

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0170

Trust: 0.8

url:http://jvn.jp/cert/jvnvu556020

Trust: 0.8

url:http://jvn.jp/cert/jvnvu643615

Trust: 0.8

url:http://jvn.jp/cert/jvnvu636925

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0170

Trust: 0.8

url:http://www.apple.com/itunes/

Trust: 0.3

url:http://cve.mitre.org/

Trust: 0.1

url:http://labs.idefense.com/intelligence/vulnerabilities/

Trust: 0.1

url:http://labs.idefense.com/methodology/vulnerability/vcp.php

Trust: 0.1

url:http://labs.idefense.com/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0170

Trust: 0.1

sources: VULHUB: VHN-48115 // BID: 46659 // JVNDB: JVNDB-2011-001350 // PACKETSTORM: 98882 // CNNVD: CNNVD-201103-110 // NVD: CVE-2011-0170

CREDITS

Andrzej Dyjak working with iDefense VCP

Trust: 0.3

sources: BID: 46659

SOURCES

db: VULHUB | id: VHN-48115
db: BID | id: 46659
db: JVNDB | id: JVNDB-2011-001350
db: PACKETSTORM | id: 98882
db: CNNVD | id: CNNVD-201103-110
db: NVD | id: CVE-2011-0170

LAST UPDATE DATE

2025-04-11T19:54:59.529000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-48115 | date: 2017-09-19T00:00:00
db: BID | id: 46659 | date: 2011-03-21T20:07:00
db: JVNDB | id: JVNDB-2011-001350 | date: 2011-04-04T00:00:00
db: CNNVD | id: CNNVD-201103-110 | date: 2011-03-04T00:00:00
db: NVD | id: CVE-2011-0170 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB | id: VHN-48115 | date: 2011-03-03T00:00:00
db: BID | id: 46659 | date: 2011-03-02T00:00:00
db: JVNDB | id: JVNDB-2011-001350 | date: 2011-04-04T00:00:00
db: PACKETSTORM | id: 98882 | date: 2011-03-03T23:41:10
db: CNNVD | id: CNNVD-201103-110 | date: 2011-03-04T00:00:00
db: NVD | id: CVE-2011-0170 | date: 2011-03-03T20:00:02.597