CVE-2007-0714

2007-03-0522:19:00

CWE-189

[email protected]

web.nvd.nist.gov

cve

2007

0714

integer overflow

apple quicktime

denial of service

remote user-assisted attackers

arbitrary code

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.923 High

EPSS

Percentile

98.9%

JSON

Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.

CPENameOperatorVersion
apple:quicktimeapple quicktimele7.1.4
apple:quicktimeapple quicktimeeq3.0
apple:quicktimeapple quicktimeeq4.1.2
apple:quicktimeapple quicktimeeq5.0.1
apple:quicktimeapple quicktimeeq5.0.2
apple:quicktimeapple quicktimeeq6.0
apple:quicktimeapple quicktimeeq6.0.0
apple:quicktimeapple quicktimeeq6.0.1
apple:quicktimeapple quicktimeeq6.0.2
apple:quicktimeapple quicktimeeq6.1.0

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	le	7.1.4
apple:quicktime	apple quicktime	eq	3.0
apple:quicktime	apple quicktime	eq	4.1.2
apple:quicktime	apple quicktime	eq	5.0.1
apple:quicktime	apple quicktime	eq	5.0.2
apple:quicktime	apple quicktime	eq	6.0
apple:quicktime	apple quicktime	eq	6.0.0
apple:quicktime	apple quicktime	eq	6.0.1
apple:quicktime	apple quicktime	eq	6.0.2
apple:quicktime	apple quicktime	eq	6.1.0