7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.213 Low
EPSS
Percentile
96.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the pict file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack based buffer overflow occurs, allowing the execution of arbitrary code.