4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.06 Low
EPSS
Percentile
93.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in QuickTimeMPEG.qtx and results when QuickTime attempts to parse a malformed ‘genl’ atom that may be present in any QuickTime media file. A heap overflow is caused when QuickTime fails to perform proper bounds checking on the amount of data copied to the heap by a set of nested loops which can result in arbitrary code execution.