CVE-2015-3792 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

3.2%

top 12.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Quicktime

Timeline

PublishedAug 17

Latest updateMay 17

Description

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/quicktime7.0.0

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-hphh-mp7v-g43f: QuickTime 7 in Apple OS X before 10↗2022-05-17

▶

CVEList

CVE-2015-3792: QuickTime 7 in Apple OS X before 10↗2015-08-16

▶

📋Vendor Advisories

Apple

CVE-2015-3792: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

Apple

CVE-2015-3792: QuickTime 7.7.8↗

▶