CVE-2011-3248 — Apple Quicktime vulnerability

CWE-1893 documents3 sources

Severity

9.3CRITICALNVD

EPSS

3.0%

top 13.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Quicktime

Timeline

PublishedOct 28

Latest updateMay 17

Description

Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/quicktime7.7+54

🔴Vulnerability Details

GHSA

GHSA-89qw-6fjr-cw6v: Integer signedness error in Apple QuickTime before 7↗2022-05-17

▶

CVEList

CVE-2011-3248: Integer signedness error in Apple QuickTime before 7↗2011-10-28

▶