exploitDog

CVE-2010-0517

Опубликовано: 30 мар. 2010

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03478

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-xfj2-7ff5-qr45

github

почти 4 года назад

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.

EPSS

Процентиль: 87%

0.03478

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-119