CVE-2007-4677Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources
Severity
9.3CRITICALNVD
EPSS
69.7%
top 1.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple MAC OS X
Timeline
PublishedNov 7
Latest updateMay 1

Description

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapple/mac_os_x10.3.9, 10.4.10, 10.5+2

🔴Vulnerability Details

1
GHSA
GHSA-fpj9-xrvv-p65j: Heap-based buffer overflow in Apple QuickTime before 72022-05-01