CVE-2013-1020 — Out-of-bounds Write in Apple Quicktime

CWE-3997 documents6 sources

Severity

9.3CRITICALNVD

EPSS

4.6%

top 10.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Quicktime

Timeline

PublishedMay 24

Latest updateMay 17

Description

Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/quicktime7.7.3+51

🔴Vulnerability Details

GHSA

GHSA-gc6q-4w8w-q6mp: Apple QuickTime before 7↗2022-05-17

▶

Kernel

x86, cpu, amd: Add workaround for family 16h, erratum 793↗2014-01-15

▶

CVEList

CVE-2013-1020: Apple QuickTime before 7↗2013-05-24

▶

💥Exploits & PoCs

Exploit-DB

Skype for Business 2016 - Cross-Site Scripting↗2017-07-12

▶

💬Community

Bugzilla

CVE-2014-3464 JBoss WS: Incomplete fix for CVE-2013-2133↗2014-05-28

▶

Bugzilla

CVE-2013-6885 hw: AMD CPU erratum may cause core hang↗2013-11-28

▶