Check Point Advisories

Preemptive Protection against Apple Mac OS X CoreGraphics Heap Overflow Vulnerability

Check Point Reference: CPAI-2010-255
Date Published: 29 Aug 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Check Point Vulnerability Discovery Team (VDT)
Industry Reference:CVE-2010-1801
Protection Provided by:
Who is Vulnerable? Mac OS X v10.5.8 Mac OS X Server v10.5.8 Mac OS X v10.6.4 Mac OS X Server v10.6.4
Vulnerability Description A heap buffer overflow Vulnerability has been discovered in Apple CoreGraphics. CoreGraphics refers to a pair of Mac OS X technologies, each part of the CoreGraphics framework: Quartz 2D and Quartz Compositor. It includes both a 2D renderer in CoreGraphics and the composition engine that sends instructions to the graphics card. Quartz's internal imaging model correlates well with the PDF object graph, making it easy to output PDF to multiple devices. Successful exploitation of this issue will allow execution of arbitrary code on an affected system.
Vulnerability DetailsThe vulnerability is due to the way CoreGraphics handles PDF files. A remote attacker could trigger this issue via a maliciously crafted PDF file. Successful exploitation will create a denial of service condition, causing the application to become non-responsive, and may allow execution of arbitrary code once a malicious PDF file is loaded on a vulnerable system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK