Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-1246 (GCVE-0-2014-1246)
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.
References
| URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:41.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-27T00:57:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "http://support.apple.com/kb/HT6151",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-1246",
"datePublished": "2014-02-27T01:00:00",
"dateReserved": "2014-01-08T00:00:00",
"dateUpdated": "2024-08-06T09:34:41.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-1246\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2014-02-27T01:55:03.680\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer en Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un \u00e1tomo ftab manipulado en un archivo de v\u00eddeo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.7.4\",\"matchCriteriaId\":\"724DF108-4F11-453C-8176-EE31C95B963A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F43E39C4-6A08-4C38-BC7D-573F40978527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B488-129A-49EA-AF84-6077FCDBB898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758610B-3789-489E-A751-386D605E5A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B535737C-BF32-471C-B26A-588632FCC427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF2C61F8-B376-40F9-8677-CADCC3295915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC0E0EA8-2947-44F9-BCFA-F4CFA34E9EFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"795E3354-7824-4EF4-A788-3CFEB75734E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9419A1E9-A0DA-4846-8959-BE50B53736E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"952A8015-B18B-481C-AC17-60F0D7EEE085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E518B27-A79B-43A4-AFA6-E59EF8E944D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEC6EF36-93B3-49BB-9A6F-1990E3F4170E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1B5F2F-CDBF-4AEF-9F78-0C010664B9E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B84D320E-ACA2-4B6E-B682-00202B9ADF2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81E0F160-4B70-45CD-B8AC-AB30ADDB8D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97FEBA83-C845-4334-9B9A-921BA0F44DE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2CE2A89-B2FC-413D-A059-526E6DE301BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0C835F2-4F9E-45A6-8112-C2D8CB1A39AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8461AF0A-D4D3-4010-A881-EDBB95003083\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C8E5C77-573F-4EA3-A59C-4A7B11946E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C6E08BF-737E-4512-9BB8-5B4B03A2F8B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D22D0674-0EC7-4176-97FB-940F2F7D6AFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6470EC-B72B-404C-9E69-03C3FEFD56F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA3FB6BA-D0FA-4DC3-8A4D-453C2EE51D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F5F530-033D-49D8-ABD5-F4285DA7DA40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A0A9EC6-9531-4024-8325-DD9318653AE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDB11E0-3853-4C93-AC64-599A1A3606CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C2A95FA-0C02-45AD-B9C0-AB6310DAD5B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCD69789-11BA-410F-ABEB-0D34CBF817E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"506422A5-F1E6-4D07-B947-4E265AC16ABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC323B5D-9ED9-403D-8048-3C39A7CEF2C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16576679-FD00-4DBE-B49C-BC2A8AD4E0BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98FED5F4-24B7-4028-AF48-E8CBE2CA5E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CCBAAE7-896F-4541-9938-2F5A5C2D64D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B03760D-1980-4E38-89DE-7690BF9D97CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F69333C-3079-4D2E-A220-CEE9CA9A12D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C0493DB-89F5-4E13-8748-7DD07069B2BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50EB0E3F-F2CE-407F-BD27-5DE33D5C464D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24A25741-AB36-445A-82B5-C475A64A4619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBCA6F97-D4BA-4264-8C99-BF769CCDD8C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC0C8685-30B6-4AFE-A158-742B2BFAE28E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E3F13D2-DCD3-4164-9FEB-147D966F19B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4B30E33-4B85-4198-848C-3B1BDB191FE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63C9B8E-44C2-4F52-A8FD-C0B2AEA635C3\"}]}]}],\"references\":[{\"url\":\"http://support.apple.com/kb/HT6150\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT6151\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT6150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT6151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
fkie_cve-2014-1246
Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://support.apple.com/kb/HT6150 | Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT6151 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT6150 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT6151 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "724DF108-4F11-453C-8176-EE31C95B963A",
"versionEndIncluding": "7.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F43E39C4-6A08-4C38-BC7D-573F40978527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0E0EA8-2947-44F9-BCFA-F4CFA34E9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E518B27-A79B-43A4-AFA6-E59EF8E944D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC6EF36-93B3-49BB-9A6F-1990E3F4170E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1B5F2F-CDBF-4AEF-9F78-0C010664B9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B84D320E-ACA2-4B6E-B682-00202B9ADF2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81E0F160-4B70-45CD-B8AC-AB30ADDB8D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97FEBA83-C845-4334-9B9A-921BA0F44DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2CE2A89-B2FC-413D-A059-526E6DE301BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "7F9F7DCE-EE65-4CD5-AA21-208B2AAF09EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C835F2-4F9E-45A6-8112-C2D8CB1A39AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8461AF0A-D4D3-4010-A881-EDBB95003083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8E5C77-573F-4EA3-A59C-4A7B11946E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6E08BF-737E-4512-9BB8-5B4B03A2F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D22D0674-0EC7-4176-97FB-940F2F7D6AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6470EC-B72B-404C-9E69-03C3FEFD56F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3FB6BA-D0FA-4DC3-8A4D-453C2EE51D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58F5F530-033D-49D8-ABD5-F4285DA7DA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0A9EC6-9531-4024-8325-DD9318653AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDB11E0-3853-4C93-AC64-599A1A3606CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2A95FA-0C02-45AD-B9C0-AB6310DAD5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD69789-11BA-410F-ABEB-0D34CBF817E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "506422A5-F1E6-4D07-B947-4E265AC16ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC323B5D-9ED9-403D-8048-3C39A7CEF2C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16576679-FD00-4DBE-B49C-BC2A8AD4E0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "98FED5F4-24B7-4028-AF48-E8CBE2CA5E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCBAAE7-896F-4541-9938-2F5A5C2D64D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B03760D-1980-4E38-89DE-7690BF9D97CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F69333C-3079-4D2E-A220-CEE9CA9A12D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0493DB-89F5-4E13-8748-7DD07069B2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*",
"matchCriteriaId": "50EB0E3F-F2CE-407F-BD27-5DE33D5C464D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24A25741-AB36-445A-82B5-C475A64A4619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCA6F97-D4BA-4264-8C99-BF769CCDD8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0C8685-30B6-4AFE-A158-742B2BFAE28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6E3F13D2-DCD3-4164-9FEB-147D966F19B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B30E33-4B85-4198-848C-3B1BDB191FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*",
"matchCriteriaId": "C63C9B8E-44C2-4F52-A8FD-C0B2AEA635C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un \u00e1tomo ftab manipulado en un archivo de v\u00eddeo."
}
],
"id": "CVE-2014-1246",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-27T01:55:03.680",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6151"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2014-AVI-090
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Apple QuickTime. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple QuickTime versions antérieures à 7.7.5
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApple QuickTime versions ant\u00e9rieures \u00e0 7.7.5\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-1032",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1032"
},
{
"name": "CVE-2014-1243",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1243"
},
{
"name": "CVE-2014-1246",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1246"
},
{
"name": "CVE-2014-1245",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1245"
},
{
"name": "CVE-2014-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1244"
},
{
"name": "CVE-2014-1251",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1251"
},
{
"name": "CVE-2014-1250",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1250"
},
{
"name": "CVE-2014-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1247"
},
{
"name": "CVE-2014-1249",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1249"
},
{
"name": "CVE-2014-1248",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1248"
}
],
"initial_release_date": "2014-02-26T00:00:00",
"last_revision_date": "2014-02-26T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-090",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-02-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple QuickTime\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6151 du 26 f\u00e9vrier 2014",
"url": "http://support.apple.com/kb/HT6151"
}
]
}
CERTFR-2014-AVI-095
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Apple OS X Maverick. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple OS X Mountain Lion versions ant\u00e9rieures \u00e0 10.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Lion Server versions ant\u00e9rieures \u00e0 10.7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Lion versions ant\u00e9rieures \u00e0 10.7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-1256",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1256"
},
{
"name": "CVE-2013-4073",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4073"
},
{
"name": "CVE-2014-1263",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1263"
},
{
"name": "CVE-2014-1252",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1252"
},
{
"name": "CVE-2014-1258",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1258"
},
{
"name": "CVE-2013-6420",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6420"
},
{
"name": "CVE-2014-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1264"
},
{
"name": "CVE-2014-1261",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1261"
},
{
"name": "CVE-2013-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5986"
},
{
"name": "CVE-2014-1266",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1266"
},
{
"name": "CVE-2014-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1255"
},
{
"name": "CVE-2014-1246",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1246"
},
{
"name": "CVE-2014-1245",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1245"
},
{
"name": "CVE-2013-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4248"
},
{
"name": "CVE-2013-6629",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
},
{
"name": "CVE-2014-1254",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1254"
},
{
"name": "CVE-2013-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5987"
},
{
"name": "CVE-2013-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
},
{
"name": "CVE-2013-5139",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5139"
},
{
"name": "CVE-2014-1259",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1259"
},
{
"name": "CVE-2014-1250",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1250"
},
{
"name": "CVE-2013-4113",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4113"
},
{
"name": "CVE-2014-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1265"
},
{
"name": "CVE-2014-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1247"
},
{
"name": "CVE-2014-1260",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1260"
},
{
"name": "CVE-2014-1262",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1262"
},
{
"name": "CVE-2014-1249",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1249"
},
{
"name": "CVE-2013-5179",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5179"
},
{
"name": "CVE-2013-1896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
},
{
"name": "CVE-2014-1248",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1248"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2014-1257",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1257"
},
{
"name": "CVE-2013-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5178"
}
],
"initial_release_date": "2014-02-28T00:00:00",
"last_revision_date": "2014-02-28T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-095",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X Maverick\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6150 du 25 f\u00e9vrier 2014",
"url": "http://support.apple.com/kb/HT6150"
}
]
}
ghsa-f2c7-g7vh-p9xf
Vulnerability from github
Published
2022-05-17 04:51
Modified
2022-05-17 04:51
VLAI Severity ?
Details
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.
{
"affected": [],
"aliases": [
"CVE-2014-1246"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-02-27T01:55:00Z",
"severity": "HIGH"
},
"details": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.",
"id": "GHSA-f2c7-g7vh-p9xf",
"modified": "2022-05-17T04:51:39Z",
"published": "2022-05-17T04:51:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1246"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6150"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6151"
}
],
"schema_version": "1.4.0",
"severity": []
}
gsd-2014-1246
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-1246",
"description": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.",
"id": "GSD-2014-1246"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-1246"
],
"details": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.",
"id": "GSD-2014-1246",
"modified": "2023-12-13T01:22:51.104881Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "http://support.apple.com/kb/HT6151",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6151"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.7.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1246"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "http://support.apple.com/kb/HT6151",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6151"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2014-02-27T17:13Z",
"publishedDate": "2014-02-27T01:55Z"
}
}
}
var-201402-0409
Vulnerability from variot
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of the ftab atom. By providing an overly large font name, an attacker can overflow a fixed size stack buffer. An attacker could use this vulnerability to execute arbitrary code in the context of the user. Apple Mac OS X is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. Failed attacks may cause denial-of-service conditions. These issues affect OS X versions prior to 10.9.2. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. Apple QuickTime 7.7.4 and earlier have a buffer overflow vulnerability in the handling of the "ftab" atom. These issues were addressed by updating Apache to version 2.2.26. CVE-ID CVE-2013-1862 CVE-2013-1896
App Sandbox Available for: OS X Mountain Lion v10.8.5 Impact: The App Sandbox may be bypassed Description: The LaunchServices interface for launching an application allowed sandboxed apps to specify the list of arguments passed to the new process. A compromised sandboxed application could abuse this to bypass the sandbox. This issue was addressed by preventing sandboxed applications from specifying arguments. CVE-ID CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of handling of Type 1 fonts. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1254 : Felix Groebert of the Google Security Team
ATS Available for: OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: A memory corruption issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1262 : Meder Kydyraliev of the Google Security Team
ATS Available for: OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through additional validation of Mach messages. CVE-ID CVE-2014-1255 : Meder Kydyraliev of the Google Security Team
ATS Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: A buffer overflow issue existed in the handling of Mach messages passed to ATS. This issue was addressed by additional bounds checking. CVE-ID CVE-2014-1256 : Meder Kydyraliev of the Google Security Team
Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Root certificates have been updated Description: The set of system root certificates has been updated. The complete list of recognized system roots may be viewed via the Keychain Access application.
CFNetwork Cookies Available for: OS X Mountain Lion v10.8.5 Impact: Session cookies may persist even after resetting Safari Description: Resetting Safari did not always delete session cookies until Safari was closed. This issue was addressed through improved handling of session cookies. CVE-ID CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreAnimation's handling of images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1258 : Karl Smith of NCC Group
CoreText Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in CoreText in the handling of Unicode fonts. This issue is addressed through improved bounds checking. CVE-ID CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs
curl Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: When using curl to connect to an HTTPS URL containing an IP address, the IP address was not validated against the certificate. CVE-ID CVE-2014-1263 : Roland Moriz of Moriz GmbH
Data Security Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266
Date and Time Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: An unprivileged user may change the system clock Description: This update changes the behavior of the systemsetup command to require administrator privileges to change the system clock. CVE-ID CVE-2014-1265
File Bookmark Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a file with a maliciously crafted name may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of file names. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1259
Finder Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Accessing a file's ACL via Finder may lead to other users gaining unauthorized access to files Description: Accessing a file's ACL via Finder may corrupt the ACLs on the file. This issue was addressed through improved handling of ACLs. CVE-ID CVE-2014-1264
ImageIO Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted JPEG file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in libjpeg's handling of JPEG markers, resulting in the disclosure of memory contents. This issue was addressed by better JPEG handling. CVE-ID CVE-2013-6629 : Michal Zalewski
IOSerialFamily Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt
LaunchServices Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 Impact: A file could show the wrong extension Description: An issue existed in the handling of certain unicode characters that could allow filenames to show incorrect extensions. The issue was addressed by filtering unsafe unicode characters from display in filenames. CVE-ID CVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre of Intego
NVIDIA Drivers Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Executing a malicious application could result in arbitrary code execution within the graphics card Description: An issue existed that allowed writes to some trusted memory on the graphics card. This issue was addressed by removing the ability of the host to write to that memory. CVE-ID CVE-2013-5986 : Marcin Kościelnicki from the X.Org Foundation Nouveau project CVE-2013-5987 : Marcin Kościelnicki from the X.Org Foundation Nouveau project
PHP Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. CVE-ID CVE-2013-4073 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420
QuickLook Available for: OS X Mountain Lion v10.8.5 Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. CVE-ID CVE-2014-1260 : Felix Groebert of the Google Security Team
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Downloading a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in QuickLook's handling of Microsoft Word documents. This issue was addressed through improved memory management. CVE-ID CVE-2014-1252 : Felix Groebert of the Google Security Team
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1248 : Jason Kratzer working with iDefense VCP
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1249 : dragonltx of Tencent Security Team
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1250 : Jason Kratzer working with iDefense VCP
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
Secure Transport Available for: OS X Mountain Lion v10.8.5 Impact: An attacker may be able to decrypt data protected by SSL Description: There were known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. To address these issues for applications using Secure Transport, the 1-byte fragment mitigation was enabled by default for this configuration. CVE-ID CVE-2011-3389 : Juliano Rizzo and Thai Duong
OS X Mavericks v10.9.2 includes the content of Safari 7.0.2.
OS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn mlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6 U0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb OlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ 3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8 C6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY Y7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O t2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX iB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ q5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv kBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI aiYIh+SzR0rBdMZRgyzv =+DAJ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0409",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.67.75.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.7.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.69.80.9"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.71.80.42"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.68.75.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.70.80.34"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.66.71.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.65.17.80"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.62.14.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.60.92.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.5 (windows 7)"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.5 (windows vista)"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.5 (windows xp sp2 or later )"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"db": "BID",
"id": "65777"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-439"
},
{
"db": "NVD",
"id": "CVE-2014-1246"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-048"
}
],
"trust": 0.7
},
"cve": "CVE-2014-1246",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1246",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-1246",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-69185",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1246",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-1246",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-1246",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-439",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-69185",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"db": "VULHUB",
"id": "VHN-69185"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-439"
},
{
"db": "NVD",
"id": "CVE-2014-1246"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of the ftab atom. By providing an overly large font name, an attacker can overflow a fixed size stack buffer. An attacker could use this vulnerability to execute arbitrary code in the context of the user. Apple Mac OS X is prone to multiple vulnerabilities. \nThe update addresses new vulnerabilities that affect ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. Failed attacks may cause denial-of-service conditions. \nThese issues affect OS X versions prior to 10.9.2. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. Apple QuickTime 7.7.4 and earlier have a buffer overflow vulnerability in the handling of the \"ftab\" atom. These issues were\naddressed by updating Apache to version 2.2.26. \nCVE-ID\nCVE-2013-1862\nCVE-2013-1896\n\nApp Sandbox\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: The App Sandbox may be bypassed\nDescription: The LaunchServices interface for launching an\napplication allowed sandboxed apps to specify the list of arguments\npassed to the new process. A compromised sandboxed application could\nabuse this to bypass the sandbox. This issue was addressed by\npreventing sandboxed applications from specifying arguments. \nCVE-ID\nCVE-2013-5179 : Friedrich Graeter of The Soulmen GbR\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nhandling of Type 1 fonts. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1254 : Felix Groebert of the Google Security Team\n\nATS\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: A memory corruption issue existed in the handling of\nMach messages passed to ATS. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-1262 : Meder Kydyraliev of the Google Security Team\n\nATS\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: An arbitrary free issue existed in the handling of Mach\nmessages passed to ATS. This issue was addressed through additional\nvalidation of Mach messages. \nCVE-ID\nCVE-2014-1255 : Meder Kydyraliev of the Google Security Team\n\nATS\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: A buffer overflow issue existed in the handling of Mach\nmessages passed to ATS. This issue was addressed by additional bounds\nchecking. \nCVE-ID\nCVE-2014-1256 : Meder Kydyraliev of the Google Security Team\n\nCertificate Trust Policy\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Root certificates have been updated\nDescription: The set of system root certificates has been updated. \nThe complete list of recognized system roots may be viewed via the\nKeychain Access application. \n\nCFNetwork Cookies\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Session cookies may persist even after resetting Safari\nDescription: Resetting Safari did not always delete session cookies\nuntil Safari was closed. This issue was addressed through improved\nhandling of session cookies. \nCVE-ID\nCVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Visiting a maliciously crafted site may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in CoreAnimation\u0027s\nhandling of images. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1258 : Karl Smith of NCC Group\n\nCoreText\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in CoreText in the handling\nof Unicode fonts. This issue is addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs\n\ncurl\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: When using curl to connect to an HTTPS URL containing\nan IP address, the IP address was not validated against the\ncertificate. \nCVE-ID\nCVE-2014-1263 : Roland Moriz of Moriz GmbH\n\nData Security\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: An attacker with a privileged network position may capture\nor modify data in sessions protected by SSL/TLS\nDescription: Secure Transport failed to validate the authenticity of\nthe connection. This issue was addressed by restoring missing\nvalidation steps. \nCVE-ID\nCVE-2014-1266\n\nDate and Time\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: An unprivileged user may change the system clock\nDescription: This update changes the behavior of the systemsetup\ncommand to require administrator privileges to change the system\nclock. \nCVE-ID\nCVE-2014-1265\n\nFile Bookmark\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a file with a maliciously crafted name may lead to\nan unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of file\nnames. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1259\n\nFinder\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: Accessing a file\u0027s ACL via Finder may lead to other users\ngaining unauthorized access to files\nDescription: Accessing a file\u0027s ACL via Finder may corrupt the ACLs\non the file. This issue was addressed through improved handling of\nACLs. \nCVE-ID\nCVE-2014-1264\n\nImageIO\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a maliciously crafted JPEG file may lead to the\ndisclosure of memory contents\nDescription: An uninitialized memory access issue existed in\nlibjpeg\u0027s handling of JPEG markers, resulting in the disclosure of\nmemory contents. This issue was addressed by better JPEG handling. \nCVE-ID\nCVE-2013-6629 : Michal Zalewski\n\nIOSerialFamily\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: An out of bounds array access existed in the\nIOSerialFamily driver. This issue was addressed through additional\nbounds checking. \nCVE-ID\nCVE-2013-5139 : @dent1zt\n\nLaunchServices\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5\nImpact: A file could show the wrong extension\nDescription: An issue existed in the handling of certain unicode\ncharacters that could allow filenames to show incorrect extensions. \nThe issue was addressed by filtering unsafe unicode characters from\ndisplay in filenames. \nCVE-ID\nCVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre\nof Intego\n\nNVIDIA Drivers\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Executing a malicious application could result in arbitrary\ncode execution within the graphics card\nDescription: An issue existed that allowed writes to some trusted\nmemory on the graphics card. This issue was addressed by removing the\nability of the host to write to that memory. \nCVE-ID\nCVE-2013-5986 : Marcin Ko\u015bcielnicki from the X.Org Foundation\nNouveau project\nCVE-2013-5987 : Marcin Ko\u015bcielnicki from the X.Org Foundation\nNouveau project\n\nPHP\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP, the most\nserious of which may have led to arbitrary code execution. \nCVE-ID\nCVE-2013-4073\nCVE-2013-4113\nCVE-2013-4248\nCVE-2013-6420\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Downloading a maliciously crafted Microsoft Office file may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: A memory corruption issue existed in QuickLook\u0027s\nhandling of Microsoft Office files. \nCVE-ID\nCVE-2014-1260 : Felix Groebert of the Google Security Team\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Downloading a maliciously crafted Microsoft Word document\nmay lead to an unexpected application termination or arbitrary code\nexecution\nDescription: A double free issue existed in QuickLook\u0027s handling of\nMicrosoft Word documents. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2014-1252 : Felix Groebert of the Google Security Team\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027ftab\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1246 : An anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n\u0027dref\u0027 atoms. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1247 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027ldat\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1248 : Jason Kratzer working with iDefense VCP\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a maliciously crafted PSD image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PSD\nimages. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1249 : dragonltx of Tencent Security Team\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out of bounds byte swapping issue existed in the\nhandling of \u0027ttfo\u0027 elements. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-1250 : Jason Kratzer working with iDefense VCP\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of \u0027stsz\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1245 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nSecure Transport\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There were known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. \nTo address these issues for applications using Secure Transport, the\n1-byte fragment mitigation was enabled by default for this\nconfiguration. \nCVE-ID\nCVE-2011-3389 : Juliano Rizzo and Thai Duong\n\nOS X Mavericks v10.9.2 includes the content of Safari 7.0.2. \n\nOS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from \nthe Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn\nmlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6\nU0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb\nOlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ\n3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8\nC6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY\nY7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O\nt2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX\niB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ\nq5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv\nkBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI\naiYIh+SzR0rBdMZRgyzv\n=+DAJ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1246"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"db": "BID",
"id": "65777"
},
{
"db": "VULHUB",
"id": "VHN-69185"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "125429"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1246",
"trust": 3.7
},
{
"db": "JVN",
"id": "JVNVU95788297",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95868425",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1943",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-048",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201402-439",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "57148",
"trust": 0.6
},
{
"db": "BID",
"id": "65777",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-69185",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125427",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125429",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"db": "VULHUB",
"id": "VHN-69185"
},
{
"db": "BID",
"id": "65777"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "125429"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-439"
},
{
"db": "NVD",
"id": "CVE-2014-1246"
}
]
},
"id": "VAR-201402-0409",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69185"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:53:29.402000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2014-02-25-3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2014/Feb/msg00002.html"
},
{
"title": "APPLE-SA-2014-02-25-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html"
},
{
"title": "HT6150",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6150"
},
{
"title": "HT6151",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6151"
},
{
"title": "HT6151",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6151?viewlocale=ja_JP"
},
{
"title": "HT6150",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6150?viewlocale=ja_JP"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://support.apple.com/kb/HT1222"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69185"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"db": "NVD",
"id": "CVE-2014-1246"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6150"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6151"
},
{
"trust": 0.9,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1246"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95868425/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95788297/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1246"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57148"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1250"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1245"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1249"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1248"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1247"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1255"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5179"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1254"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1243"
},
{
"trust": 0.1,
"url": "http://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1244"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"db": "VULHUB",
"id": "VHN-69185"
},
{
"db": "BID",
"id": "65777"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "125429"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-439"
},
{
"db": "NVD",
"id": "CVE-2014-1246"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"db": "VULHUB",
"id": "VHN-69185"
},
{
"db": "BID",
"id": "65777"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "125429"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-439"
},
{
"db": "NVD",
"id": "CVE-2014-1246"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"date": "2014-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-69185"
},
{
"date": "2014-02-25T00:00:00",
"db": "BID",
"id": "65777"
},
{
"date": "2014-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"date": "2014-02-26T22:21:07",
"db": "PACKETSTORM",
"id": "125427"
},
{
"date": "2014-02-26T22:26:17",
"db": "PACKETSTORM",
"id": "125429"
},
{
"date": "2014-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-439"
},
{
"date": "2014-02-27T01:55:03.680000",
"db": "NVD",
"id": "CVE-2014-1246"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-048"
},
{
"date": "2014-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-69185"
},
{
"date": "2014-04-17T00:49:00",
"db": "BID",
"id": "65777"
},
{
"date": "2014-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001474"
},
{
"date": "2014-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-439"
},
{
"date": "2024-11-21T02:03:54.960000",
"db": "NVD",
"id": "CVE-2014-1246"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-439"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001474"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-439"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…