CVE-2006-1249 — Apple Itunes vulnerability

CWE-1894 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

27.2%

top 3.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes Apple Quicktime

Timeline

PublishedMar 19

Latest updateMay 1

Description

Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/itunes6.0.1, 6.0.2+1

▶NVDapple/quicktime7.0.3, 7.0.4+1

🔴Vulnerability Details

GHSA

GHSA-c5r5-g994-2gv9: Integer overflow in Apple QuickTime Player 7↗2022-05-01

▶

CVEList

CVE-2006-1249: Integer overflow in Apple QuickTime Player 7↗2006-03-19

▶

💬Community

Bugzilla

CVE-2016-1249 perl-DBD-MySQL: Out-of-bounds read when using server-side prepared statement support↗2016-11-16

▶