CVE-2007-4676: Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Mac OS X

Severity
9.3 CRITICAL (NVD)
EPSS
73.4%
top 1.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 7
Latest update: May 1

Description

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: apple/mac_os_x 10.3.9, 10.4.10, 10.5 (+2)

Vulnerability Details (1)

GHSA
GHSA-6q3w-rp64-hvgj: Heap-based buffer overflow in Apple QuickTime before 7 (2022-05-01)