CVE-2015-3665

CWE-119 — Buffer Overflow CWE-284 — Improper Access Control8 documents8 sources

Severity

6.8MEDIUM

EPSS

2.0%

top 16.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Quicktime

Timeline

PublishedJul 3

Latest updateMay 17

Description

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/quicktime7.7.6

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-c5h4-r9pm-rvhr: QT Media Foundation in Apple QuickTime before 7↗2022-05-17

▶

GHSA

Jenkins allows Bypass of Access Restrictions↗2022-05-13

▶

CVEList

CVE-2015-3665: QT Media Foundation in Apple QuickTime before 7↗2015-07-03

▶

📋Vendor Advisories

Red Hat

jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)↗2015-11-11

▶

Apple

CVE-2015-3665: QuickTime 7.7.7↗

▶

💬Community

Bugzilla

CVE-2015-5325 jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)↗2015-11-16

▶