Details of VAR-201607-0367

ID

VAR-201607-0367

CVE

CVE-2016-4629

TITLE

Apple OS X of ImageIO Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-004026

DESCRIPTION

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. ImageIO is one of the static methods used to perform common image I/O operations

Trust: 2.07

sources: NVD: CVE-2016-4629 // JVNDB: JVNDB-2016-004026 // BID: 91824 // VULHUB: VHN-93448 // VULMON: CVE-2016-4629

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 and later	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	mac os security update	scope:	ne	version:	x2016	Trust: 0.3

sources: BID: 91824 // JVNDB: JVNDB-2016-004026 // CNNVD: CNNVD-201607-884 // NVD: CVE-2016-4629

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4629
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-4629
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201607-884
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-93448
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-4629
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-4629
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-93448
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4629
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93448 // VULMON: CVE-2016-4629 // JVNDB: JVNDB-2016-004026 // CNNVD: CNNVD-201607-884 // NVD: CVE-2016-4629

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-93448 // JVNDB: JVNDB-2016-004026 // NVD: CVE-2016-4629

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-884

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201607-884

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004026

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004	url:	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/en-us/HT206903	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/ja-jp/HT206903	Trust: 0.8
title:	Apple OS X ImageIO Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63244	Trust: 0.6
title:	Apple: OS X El Capitan v10.11.6 and Security Update 2016-004	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0d15a2e676b3d7c13f2468e8bb26534c	Trust: 0.1

sources: VULMON: CVE-2016-4629 // JVNDB: JVNDB-2016-004026 // CNNVD: CNNVD-201607-884

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4629	Trust: 2.9
db:	BID	id:	91824	Trust: 1.5
db:	TALOS	id:	TALOS-2016-0180	Trust: 1.2
db:	SECTRACK	id:	1036348	Trust: 1.2
db:	JVN	id:	JVNVU94844193	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004026	Trust: 0.8
db:	CNNVD	id:	CNNVD-201607-884	Trust: 0.7
db:	TALOS	id:	TALOS-2016-0181	Trust: 0.6
db:	ZDI	id:	ZDI-16-496	Trust: 0.3
db:	ZDI	id:	ZDI-16-437	Trust: 0.3
db:	ZDI	id:	ZDI-16-431	Trust: 0.3
db:	ZDI	id:	ZDI-16-435	Trust: 0.3
db:	SEEBUG	id:	SSVID-96730	Trust: 0.1
db:	VULHUB	id:	VHN-93448	Trust: 0.1
db:	VULMON	id:	CVE-2016-4629	Trust: 0.1

sources: VULHUB: VHN-93448 // VULMON: CVE-2016-4629 // BID: 91824 // JVNDB: JVNDB-2016-004026 // CNNVD: CNNVD-201607-884 // NVD: CVE-2016-4629

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html	Trust: 1.8
url:	https://support.apple.com/ht206903	Trust: 1.8
url:	http://www.securityfocus.com/bid/91824	Trust: 1.2
url:	http://www.talosintelligence.com/reports/talos-2016-0180/	Trust: 1.2
url:	https://github.com/openexr/openexr/issues/563	Trust: 1.2
url:	http://www.securitytracker.com/id/1036348	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4629	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94844193/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4629	Trust: 0.8
url:	http://www.talosintelligence.com/reports/talos-2016-0181/	Trust: 0.6
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-431/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-435/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-437/	Trust: 0.3
url:	apple os x acmp4aacbasedecoder out-of-bounds read information disclosure vulnerability	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-496/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht206903	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=47129	Trust: 0.1

sources: VULHUB: VHN-93448 // VULMON: CVE-2016-4629 // BID: 91824 // JVNDB: JVNDB-2016-004026 // CNNVD: CNNVD-201607-884 // NVD: CVE-2016-4629

CREDITS

Jonathan Lewis from DeARX Services (PTY) LTD, Ke Liu of Tencent's Xuanwu Lab, Ian Beer of Google Project Zero, Tyler Bohan of Cisco Talos, Stefan Esser of SektionEins, Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative, Abhinav Bansa

Trust: 0.3

sources: BID: 91824

SOURCES

db:	VULHUB	id:	VHN-93448
db:	VULMON	id:	CVE-2016-4629
db:	BID	id:	91824
db:	JVNDB	id:	JVNDB-2016-004026
db:	CNNVD	id:	CNNVD-201607-884
db:	NVD	id:	CVE-2016-4629

LAST UPDATE DATE

2025-04-13T20:03:52.150000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93448	date:	2017-09-01T00:00:00
db:	VULMON	id:	CVE-2016-4629	date:	2017-09-01T00:00:00
db:	BID	id:	91824	date:	2016-08-29T19:00:00
db:	JVNDB	id:	JVNDB-2016-004026	date:	2016-07-28T00:00:00
db:	CNNVD	id:	CNNVD-201607-884	date:	2016-07-26T00:00:00
db:	NVD	id:	CVE-2016-4629	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93448	date:	2016-07-22T00:00:00
db:	VULMON	id:	CVE-2016-4629	date:	2016-07-22T00:00:00
db:	BID	id:	91824	date:	2016-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-004026	date:	2016-07-28T00:00:00
db:	CNNVD	id:	CNNVD-201607-884	date:	2016-07-26T00:00:00
db:	NVD	id:	CVE-2016-4629	date:	2016-07-22T02:59:49.633