The _GetSrcBits32ARGB function in Apple QuickDraw, as used by QuickTime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
{"checkpoint_advisories": [{"lastseen": "2021-12-17T12:34:08", "description": "QuickDraw is the 2-dimension graphic library, a core part of the legacy Apple Macintosh operating system. The product has been largely superseded in the latest Mac OS X operating system but still exists as part of the system libraries. There exists a memory corruption vulnerability in the Apple QuickDraw product. The flaw is due to improper handling of PICT image files. This vulnerability can be exploited by a malicious PICT image on the target host using an affected product which leads to a denial of service condition and possibly execution of arbitrary code. In an attack case where code injection is not successful, the affected application that is parsing the malicious PICT file may terminate abnormally. In a more sophisticated attack where code injection is successful, the behavior of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user.", "cvss3": {}, "published": "2010-02-17T00:00:00", "type": "checkpoint_advisories", "title": "Apple QuickDraw PICT Images ARGB Records Handling Memory Corruption (CVE-2007-0462)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0462"], "modified": "2016-02-14T00:00:00", "id": "CPAI-2007-227", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T06:42:04", "description": "A memory corruption vulnerability has been reported in QuickDraw. The vulnerability is due to improper handling of PICT image files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {}, "published": "2014-04-16T00:00:00", "type": "checkpoint_advisories", "title": "Apple QuickDraw PICT Images ARGB Records Handling Memory Corruption - Ver2 (CVE-2007-0462)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2007-0462"], "modified": "2014-04-16T00:00:00", "id": "CPAI-2014-1449", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-11-05T00:12:59", "description": "Several vulnerabilities have been identified within various versions of Apple QuickTime and Apple QuickDraw that, if exploited, would allow a remote attacker to execute arbitrary code on a vulnerable system.", "cvss3": {}, "published": "2008-02-26T00:00:00", "type": "checkpoint_advisories", "title": "Update IPS-1 with a Protection against Apple QuickTime and Apple QuickDraw Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0462", "CVE-2007-2296", "CVE-2007-4672", "CVE-2007-4676"], "modified": "2008-01-01T00:00:00", "id": "CPAI-2008-204", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:03:06", "description": "Memory corruption on malformed PICT image ARGB record.", "cvss3": {}, "published": "2007-01-24T00:00:00", "type": "securityvulns", "title": "Apple QuickDraw libraries memory corruption", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0462", "CVE-2007-0588"], "modified": "2007-01-24T00:00:00", "id": "SECURITYVULNS:VULN:7102", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7102", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2023-09-28T18:30:10", "description": "The InternalUnpackBits function in Apple QuickDraw, as used by QuickTime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.", "cvss3": {}, "published": "2007-01-30T18:28:00", "type": "cve", "title": "CVE-2007-0588", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0462", "CVE-2007-0588"], "modified": "2013-08-15T05:21:00", "cpe": ["cpe:/o:apple:mac_os_x:10.4.8", "cpe:/a:apple:quicktime:7.1.3"], "id": "CVE-2007-0588", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0588", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*"]}]}