CVE-2007-2295

EPSS 40.62%
Veröffentlicht 26.04.2007 20:19:00
Zuletzt bearbeitet 23.04.2026 00:35:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Quicktime Version7.1

Apple ≫ Quicktime Version7.1.1

Apple ≫ Quicktime Version7.1.2

Apple ≫ Quicktime Version7.1.3

Apple ≫ Quicktime Version7.1.4

Apple ≫ Quicktime Version7.1.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	40.62%	0.972

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://docs.info.apple.com/article.html?artnum=305947

http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html

http://secunia.com/advisories/26034

Vendor Advisory

http://security-protocols.com/sp-x45-advisory.php

Vendor Advisory

http://www.osvdb.org/35577

http://www.securityfocus.com/bid/23650

http://www.securitytracker.com/id?1017965

http://www.securitytracker.com/id?1018373

http://www.us-cert.gov/cas/techalerts/TA07-193A.html

US Government Resource