Title: Apple Xcode Core Image Fun House '.funhouse' File XML Data Handling Buffer Overflow Vulnerability
Severity: HIGH
Description:
Apple Xcode is a development environment for Mac OS X. The environment consists of various tools, including Core Image, a framework for processing and rendering images. Core Image Fun House is an example application supplied with Xcode.
The example application is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling '.funhouse' files containing malicious XML data. Specifically, the buffer overflow occurs when parsing an excessively long 'string' XML tag.
An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious '.funhouse' file.
Successfully exploiting this issue will allow the attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
Apple Xcode 2.0 through 3.0 are vulnerable.
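A pre-open triage check for the condition described above, as an added example that is not part of the original advisory or Apple's code: it streams a '.funhouse' file through expat and flags any 'string' element whose text exceeds a limit. The 1024-character limit, the function names and the sample documents (including the 'dict' and 'key' elements) are assumptions; the advisory does not state the size of the overflowed buffer.

```python
import xml.parsers.expat

MAX_STRING_CHARS = 1024  # assumed triage threshold, not a value from the advisory

def scan_funhouse(data, limit=MAX_STRING_CHARS):
    """Return [(line, length)] for every <string> element longer than limit."""
    findings = []
    state = {"depth": 0, "length": 0, "line": 0}
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        if name == "string":
            if state["depth"] == 0:  # outermost <string>: start counting
                state["length"] = 0
                state["line"] = parser.CurrentLineNumber
            state["depth"] += 1

    def chars(text):
        if state["depth"]:  # expat may deliver one text run in several chunks
            state["length"] += len(text)

    def end(name):
        if name == "string" and state["depth"]:
            state["depth"] -= 1
            if state["depth"] == 0 and state["length"] > limit:
                findings.append((state["line"], state["length"]))

    def entity_decl(*args):
        # Refuse declared entities so expansion cannot hide or inflate the text.
        raise ValueError("entity declarations are not accepted")

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.EntityDeclHandler = entity_decl
    parser.Parse(data, True)
    return findings

def triage(data, limit=MAX_STRING_CHARS):
    """Return 'reject' for oversized <string> data or unparseable XML, else 'ok'."""
    try:
        return "reject" if scan_funhouse(data, limit) else "ok"
    except (xml.parsers.expat.ExpatError, ValueError):
        return "reject"

# Constructed sample documents, not real '.funhouse' files.
BENIGN = b"<?xml version='1.0'?>\n<dict>\n<key>name</key>\n<string>Sepia</string>\n</dict>\n"
OVERSIZED = BENIGN.replace(b"Sepia", b"A" * 5000)
```

Malformed or truncated files are rejected rather than passed through, since a file cut off inside a long 'string' element never reaches the end-tag check.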
Affected Products:
- Apple Core Image Fun House
- Apple Xcode 2.0
- Apple Xcode 2.1
- Apple Xcode 2.2
- Apple Xcode 2.3
- Apple Xcode 2.4.1