CVE-2007-3752 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Itunes

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

16.0%

top 5.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedSep 6

Latest updateMay 1

Description

Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes7.3.2

Patches

Patch: lists.apple.com ↗Patch: secunia.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-mm4c-ggh7-6cw3: Heap-based buffer overflow in Apple iTunes before 7↗2022-05-01

▶