CVE-2006-4389 — Apple Quicktime vulnerability

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

32.1%

top 3.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Quicktime

Timeline

PublishedSep 12

Latest updateMay 1

Description

Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/quicktime14 versions+13

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wwx7-m89g-5mvc: Apple QuickTime before 7↗2022-05-01

▶

CVEList

CVE-2006-4389: Apple QuickTime before 7↗2006-09-12

▶