CVE-2004-0431Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
0.8%
top 26.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Quicktime
Timeline
PublishedJul 7
Latest updateApr 29

Description

Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-g7hr-jcr3-qr24: Integer overflow in Apple QuickTime (QuickTime2022-04-29
CVEList
CVE-2004-0431: Integer overflow in Apple QuickTime (QuickTime2004-05-06
VulnCheck
Apple quicktime Integer Overflow or Wraparound2004
CVE-2004-0431 — Apple Quicktime vulnerability | cvebase