OmniGraffle 7.25.1 addresses multiple security vulnerabilities. Our thanks to Seiji Sakurai of Apple Information Security for discovering and reporting these vulnerabilities.
- Security — Fixed a security vulnerability where opening a malicious PDF file could cause a heap buffer overflow while parsing ICC color spaces, leading to remote code execution or an app crash.
- Security — Fixed a security vulnerability where opening a malicious PDF file could cause a null pointer dereference while parsing ICC color spaces, leading to an app crash.
- Security — Fixed a security vulnerability where opening a malicious PDF file could cause an out-of-bounds read while parsing PDF Indexed color spaces, leading to heap memory disclosure or ASLR bypass.
- Security — Fixed a security vulnerability where opening a malicious Microsoft Visio VDX file with an embedded WMF (Windows Metafile) graphic could lead to an application hang/crash and could be leveraged for arbitrary code execution.
- Security — Fixed a security vulnerability where opening a malicious Microsoft Visio VSD file with improperly formatted compressed streams could lead to memory corruption and could be leveraged for arbitrary code execution.