ja_mageia

Clint Ruoho has been credited by Apple Computers for a vulnerability in the in the handling of Adobe Digital Negative (DNG) image files on Mac OS X. Cnet News's Defense in Depth has coverage of the massive OS X update that was issued by Apple.

UPDATE: this vulnerability also exists in Aperture and iPhoto, as covered on this ZDNet link and on this Apple mailing list.

Image Raw

CVE-ID:  CVE-2008-0987

Available for:  Mac OS X v10.5.2, Mac OS X Server v10.5.2

Impact:  Viewing a maliciously crafted image may lead to an

unexpected application termination or arbitrary code execution

Description:  A stack based buffer overflow exists in the handling of

Adobe Digital Negative (DNG) image files. By enticing a user to open

a maliciously crafted image file, an attacker may cause an unexpected

application termination or arbitrary code execution. This update

addresses the issue through improved validation of DNG image files.

This issue does not affect systems prior to Mac OS X v10.5. Credit to

Clint Ruoho of Laconic Security for reporting this issue.