CVE-2008-3635Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
2.4%
top 14.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple QuicktimeIntel Indeo
Timeline
PublishedSep 11
Latest updateMay 2

Description

Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDapple/quicktime7.5+19
NVDintel/indeo3.2

🔴Vulnerability Details

2
GHSA
GHSA-9mw4-6qxp-xf48: Stack-based buffer overflow in QuickTimeInternetExtras2022-05-02
CVEList
CVE-2008-3635: Stack-based buffer overflow in QuickTimeInternetExtras2008-09-10
CVE-2008-3635 — Apple Quicktime vulnerability | cvebase