CVE-2006-1983 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents2 sources

Severity

7.5HIGHNVD

NVD6.4

EPSS

36.2%

top 2.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Quicktime Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedApr 21

Latest updateMay 1

Description

Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶NVDapple/quicktime7.0.4+4

▶NVDapple/mac_os_x17 versions+16

▶NVDapple/mac_os_x_server17 versions+16

Patches

Patch: lists.apple.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-6477-j2rc-33qc: Multiple heap-based buffer overflows in Mac OS X 10↗2022-05-01

▶

GHSA

GHSA-q5fr-275h-37w7: Heap-based buffer overflow in Apple QuickTime before 7↗2022-05-01

▶