CVE-2007-0588 — Out-of-bounds Write in Apple MAC OS X

3 documents3 sources
Severity
7.1HIGHNVD
CNA10.0
EPSS
30.5%
top 3.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple Quicktime
Timeline
PublishedJan 30
Latest updateMay 1

Description

The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

â–¶NVDapple/quicktime7.1.3
â–¶NVDapple/mac_os_x10.4.8

🔴Vulnerability Details

2
GHSA
GHSA-mj44-3pg8-598c: The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7↗2022-05-01
â–¶
CVEList
CVE-2007-0588: The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7↗2007-01-30
â–¶
CVE-2007-0588 — Out-of-bounds Write in Apple MAC OS X | cvebase