[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows



=======
Summary
=======
Name: OS X 10.6.6 Camera Raw Library Memory Corruption 
Release Date: 28 June 2011
Reference: NGS00052
Discoverer: Paul Harrington <paul.harrington@xxxxxxxxxxxxx>
Vendor: Apple
Vendor Reference: 140299872
Systems Affected: OS X 10.6.6 with RawCamera.bundle < 3.6
Risk: High
Status: Published

========
TimeLine
========
Discovered: 22 February 2011
Released: 22 February 2011
Approved: 22 February 2011
Reported: 23 February 2011
Fixed: 21 March 2011
Published: 28 June 2011

===========
Description
===========
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library.  This affects viewing files in both the Preview.app application or via Quick Look.

=================
Technical Details
=================
exception=EXC_BAD_ACCESS:signal=10:is_exploitable=yes:instruction_disassembly=movw	%dx,(%rsi,%rax,2):instruction_address=0x00007fff8381efcf:access_type=write:access_address=0x0000000101a83000:
Crash accessing invalid address.  Consider running it again with libgmalloc(3) to see if the log changes.
Test case was SIGBUS.49563.2010-12-18.13.15.15.CR2


Process:         qlmanage [71823]
Path:           
/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app/Contents/MacOS/qlmanage
Identifier:      qlmanage
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  exc_handler [71821]

Date/Time:       2011-02-03 13:18:36.732 +0000
OS Version:      Mac OS X 10.6.6 (10J567)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000101a83000
Crashed Thread:  3

===============
Fix Information
===============
Upgrade to Camera Raw update 3.6:-

http://support.apple.com/kb/DL1357

This will only install on systems running iPhone or Aperture.  A fix for other systems can be found here http://support.apple.com/kb/HT4581
Updates can be installed using the "System Update" feature.

NGS Secure Research
http://www.ngssecure.com