Details of VAR-201702-0342

ID

VAR-201702-0342

CVE

CVE-2016-4683

TITLE

Apple OS X of ImageIO Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2016-007370

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file. Apple Mac OS X is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. ImageIO is one of the static methods used to perform common image I/O operations. A security vulnerability exists in the ImageIO component of Apple macOS Sierra prior to 10.12.1

Trust: 1.98

sources: NVD: CVE-2016-4683 // JVNDB: JVNDB-2016-007370 // BID: 94431 // VULHUB: VHN-93502

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.0	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.1	Trust: 0.3

sources: BID: 94431 // JVNDB: JVNDB-2016-007370 // CNNVD: CNNVD-201611-481 // NVD: CVE-2016-4683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4683
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4683
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201611-481
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-93502
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-4683
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-93502
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4683
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93502 // JVNDB: JVNDB-2016-007370 // CNNVD: CNNVD-201611-481 // NVD: CVE-2016-4683

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-93502 // JVNDB: JVNDB-2016-007370 // NVD: CVE-2016-4683

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-481

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201611-481

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007370

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00001.html	Trust: 0.8
title:	HT207275	url:	https://support.apple.com/en-us/HT207275	Trust: 0.8
title:	HT207275	url:	https://support.apple.com/ja-jp/HT207275	Trust: 0.8
title:	Apple macOS Sierra ImageIO Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65818	Trust: 0.6

sources: JVNDB: JVNDB-2016-007370 // CNNVD: CNNVD-201611-481

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4683	Trust: 2.8
db:	BID	id:	94431	Trust: 2.0
db:	JVN	id:	JVNVU90743185	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007370	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-481	Trust: 0.7
db:	VULHUB	id:	VHN-93502	Trust: 0.1

sources: VULHUB: VHN-93502 // BID: 94431 // JVNDB: JVNDB-2016-007370 // CNNVD: CNNVD-201611-481 // NVD: CVE-2016-4683

REFERENCES

url:	http://www.securityfocus.com/bid/94431	Trust: 1.7
url:	https://support.apple.com/ht207275	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4683	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90743185/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4683	Trust: 0.8
url:	https://support.apple.com/en-in/ht207275	Trust: 0.3
url:	https://www.apple.com/	Trust: 0.3

sources: VULHUB: VHN-93502 // BID: 94431 // JVNDB: JVNDB-2016-007370 // CNNVD: CNNVD-201611-481 // NVD: CVE-2016-4683

CREDITS

Ke Liu of Tencent???s Xuanwu Lab

Trust: 0.6

sources: CNNVD: CNNVD-201611-481

SOURCES

db:	VULHUB	id:	VHN-93502
db:	BID	id:	94431
db:	JVNDB	id:	JVNDB-2016-007370
db:	CNNVD	id:	CNNVD-201611-481
db:	NVD	id:	CVE-2016-4683

LAST UPDATE DATE

2025-04-20T20:09:36.414000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93502	date:	2017-02-21T00:00:00
db:	BID	id:	94431	date:	2016-11-24T00:14:00
db:	JVNDB	id:	JVNDB-2016-007370	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201611-481	date:	2017-03-13T00:00:00
db:	NVD	id:	CVE-2016-4683	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93502	date:	2017-02-20T00:00:00
db:	BID	id:	94431	date:	2016-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2016-007370	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201611-481	date:	2016-10-25T00:00:00
db:	NVD	id:	CVE-2016-4683	date:	2017-02-20T08:59:00.933