CVE-2010-0528Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
2.4%
top 15.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Quicktime
Timeline
PublishedMar 31
Latest updateMay 2

Description

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapple/quicktime7.6.0+23

Patches

Patch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-qqh6-qfcc-jm42: Apple QuickTime before 72022-05-02
CVEList
CVE-2010-0528: Apple QuickTime before 72010-03-31
CVE-2010-0528 — Apple Quicktime vulnerability | cvebase