9.3

CVE-2009-0006

Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.

Data is provided by the National Vulnerability Database (NVD)
AppleQuicktime Version <= 7.5.5
AppleQuicktime Version3.0
AppleQuicktime Version4.1.2
AppleQuicktime Version5.0
AppleQuicktime Version5.0.1
AppleQuicktime Version5.0.2
AppleQuicktime Version6.0
AppleQuicktime Version6.0.0
AppleQuicktime Version6.0.1
AppleQuicktime Version6.0.2
AppleQuicktime Version6.1
AppleQuicktime Version6.1.0
AppleQuicktime Version6.1.1
AppleQuicktime Version6.2.0
AppleQuicktime Version6.3.0
AppleQuicktime Version6.4.0
AppleQuicktime Version6.5
AppleQuicktime Version6.5.0
AppleQuicktime Version6.5.1
AppleQuicktime Version6.5.2
AppleQuicktime Version7.0
AppleQuicktime Version7.0.0
AppleQuicktime Version7.0.1
AppleQuicktime Version7.0.2
AppleQuicktime Version7.0.3
AppleQuicktime Version7.0.4
AppleQuicktime Version7.1
AppleQuicktime Version7.1.0
AppleQuicktime Version7.1.1
AppleQuicktime Version7.1.2
AppleQuicktime Version7.1.3
AppleQuicktime Version7.1.4
AppleQuicktime Version7.1.5
AppleQuicktime Version7.1.6
AppleQuicktime Version7.2
AppleQuicktime Version7.2.1
AppleQuicktime Version7.3
AppleQuicktime Version7.3.0
AppleQuicktime Version7.3.1
AppleQuicktime Version7.3.1.70
AppleQuicktime Version7.4
AppleQuicktime Version7.4.0
AppleQuicktime Version7.4.1
AppleQuicktime Version7.4.5
AppleQuicktime Version7.5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 45.67% 0.975
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C