Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0645

4 documents4 sources
Severity
6.8MEDIUM
EPSS
3.9%
top 11.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Iphoto
Timeline
PublishedFeb 1
Latest updateMay 1

Description

Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapple/iphoto6.0.5

🔴Vulnerability Details

2
GHSA
GHSA-r98p-pc83-q3wf: Format string vulnerability in iPhoto 62022-05-01
CVEList
CVE-2007-0645: Format string vulnerability in iPhoto 62007-02-01

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.x - iPhoto 'photo://' URL Handling Format String2007-01-30
CVE-2007-0645 (MEDIUM CVSS 6.8) | Format string vulnerability in iPho | cvebase.io