CVE-2011-0205: Buffer Overflow
First published: Fri Jun 24 2011(Updated: )
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | =10.5.8 | |
| Apple iOS and macOS | =10.6.7 | |
| Apple iOS and macOS | =10.6.3 | |
| Apple ImageIO | ||
| Apple iOS and macOS | =10.6.6 | |
| Apple iOS and macOS | =10.6.1 | |
| Apple iOS and macOS | =10.6.0 | |
| Apple iOS and macOS | =10.6.2 | |
| Apple iOS and macOS | =10.6.4 | |
| Apple iOS and macOS | =10.6.5 | |
| Apple macOS Server | =10.5.8 | |
| Apple macOS Server | =10.6.3 | |
| Apple macOS Server | =10.6.6 | |
| Apple macOS Server | =10.6.4 | |
| Apple macOS Server | =10.6.7 | |
| Apple macOS Server | =10.6.5 | |
| Apple macOS Server | =10.6.1 | |
| Apple macOS Server | =10.6.2 | |
| Apple macOS Server | =10.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-0205?
CVE-2011-0205 is classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2011-0205?
To fix CVE-2011-0205, users should update to Mac OS X versions 10.6.8 or later, as these versions include the necessary security patches.
What systems are affected by CVE-2011-0205?
CVE-2011-0205 affects Apple Mac OS X versions 10.5.8 and 10.6.x prior to 10.6.8.
What type of attack does CVE-2011-0205 enable?
CVE-2011-0205 enables attackers to execute arbitrary code or cause denial of service through specially crafted JPEG2000 images.
Is there any risk in opening JPEG2000 images on vulnerable systems related to CVE-2011-0205?
Yes, opening JPEG2000 images on vulnerable systems can lead to application crashes or arbitrary code execution.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.5.8
- version/apple ios and macos/10.6.7
- version/apple ios and macos/10.6.3
- canonical/apple imageio
- version/apple ios and macos/10.6.6
- version/apple ios and macos/10.6.1
- version/apple ios and macos/10.6.0
- version/apple ios and macos/10.6.2
- version/apple ios and macos/10.6.4
- version/apple ios and macos/10.6.5
- canonical/apple macos server
- version/apple macos server/10.5.8
- version/apple macos server/10.6.3
- version/apple macos server/10.6.6
- version/apple macos server/10.6.4
- version/apple macos server/10.6.7
- version/apple macos server/10.6.5
- version/apple macos server/10.6.1
- version/apple macos server/10.6.2
- version/apple macos server/10.6.0