CVE-2014-4481 PoC — 多款Apple产品CoreGraphics 整数溢出漏洞

Source

https://github.com/feliam/CVE-2014-4481

Associated Vulnerability

Title:多款Apple产品CoreGraphics 整数溢出漏洞 (CVE-2014-4481)
Description:Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Description

Apple CoreGraphics framework fails to validate the input when parsing CCITT group 3 encoded data resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input resulting in arbitrary code execution in the context of Mobile Safari.

Readme

CoreGraphics CCITT Memory Corruption - CVE-2014-4481
====================================================

Apple CoreGraphics framework fails to validate the input when parsing CCITT group 3 encoded data resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input resulting in arbitrary code execution in the context of Mobile Safari

Summary
========
* Title: Apple CoreGraphics Memory Corruption
* CVE Name: CVE-2014-4481
* Permalink: http://blog.binamuse.com/2015/01/coregraphics-ccitt-memory-corruption.html
* Date published: 2015-01-27
* Date of last update: 2015-01-27
* Class: Client side / Integer Overflow / Memory Corruption
* Advisory: HT204245

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!