9.3

CVE-2008-3627

EPSS 17.9%
Veröffentlicht 11.09.2008 01:13:09
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Quicktime Version < 7.5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.9%	0.946

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html

Vendor Advisory

Mailing List

http://secunia.com/advisories/31821

Third Party Advisory

http://securitytracker.com/id?1020841

Third Party Advisory

VDB Entry

http://support.apple.com/kb/HT3027

Vendor Advisory

http://www.securityfocus.com/bid/31086

Patch

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/2527

Third Party Advisory

http://www.securityfocus.com/archive/1/496163/100/0/threaded

http://www.securityfocus.com/archive/1/496175/100/0/threaded

http://www.securityfocus.com/archive/1/496176/100/0/threaded

http://www.zerodayinitiative.com/advisories/ZDI-08-060/

Third Party Advisory

VDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-08-061/

Third Party Advisory

VDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-08-062/

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16164

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2008-3627

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3627

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3627

EUVD