CVE-2009-0006: Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple QuickTime

CWE-189 | 7 documents | 4 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 45.7% (top 2.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 21
Latest update: May 2

Description

Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: apple/quicktime 7.5.5 (+44)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-9rqj-wrj3-5984: Integer signedness error in Apple QuickTime before 7 (2022-05-02)
CVEList: CVE-2009-0006: Integer signedness error in Apple QuickTime before 7 (2009-01-21)

💬 Community (4)

Bugzilla: CVE-2014-8094 xorg-x11-server: integer overflow in DRI2 extension function ProcDRI2GetBuffers() (2014-11-27)
Bugzilla: CVE-2009-0501 moodle: calendar export may allow brute force attacks (2009-02-10)
Bugzilla: CVE-2008-2368 Certificate System: plain text passwords stored in debug log (2008-06-18)
Bugzilla: CVE-2008-2367 Certificate System: insecure config file permissions (2008-06-18)
CVE-2009-0006 — Apple Quicktime vulnerability | cvebase