Severity: 5.5 MEDIUM
EPSS: 0.1% (top 77.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 11

Description

A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | apple/itunes_for_windows | < 12.13.3
NVD | apple/itunes | < 12.13.3
CVEListV5 | apple/apple_tv | < 1.5.0
NVD | apple/apple_tv | < 1.5.0.152

🔴 Vulnerability Details (2)

GHSA | GHSA-q557-m5m4-m7pc: A stack buffer overflow was addressed through improved input validation | 2024-10-11
CVEList | CVE-2024-44157: A stack buffer overflow was addressed through improved input validation | 2024-10-11

📋 Vendor Advisories (2)

Apple | CVE-2024-44157: Apple TV 1.5.0.152 for Windows | 2024-10-03
Apple | CVE-2024-44157: iTunes 12.13.3 for Windows | 2024-09-12