cvelistv5 - cve-2014-1391

CVE-2014-1391 (GCVE-0-2014-1391)

Vulnerability from cvelistv5

Published

2014-09-19 10:00

Modified

2024-08-06 09:42

Severity ?

CWE

Summary

References

URL

Tags

product-security@apple.com	http://support.apple.com/kb/HT6443	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/69907
product-security@apple.com	http://www.securitytracker.com/id/1030868
product-security@apple.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/96049
product-security@apple.com	https://support.apple.com/kb/HT6493
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6443	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69907
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030868
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/96049
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT6493

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:35.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6493"
          },
          {
            "name": "1030868",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030868"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "69907",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69907"
          },
          {
            "name": "macosx-cve20141391-code-exec(96049)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6493"
        },
        {
          "name": "1030868",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030868"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6443"
        },
        {
          "name": "69907",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69907"
        },
        {
          "name": "macosx-cve20141391-code-exec(96049)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT6493",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT6493"
            },
            {
              "name": "1030868",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030868"
            },
            {
              "name": "http://support.apple.com/kb/HT6443",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "69907",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69907"
            },
            {
              "name": "macosx-cve20141391-code-exec(96049)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2014-1391",
    "datePublished": "2014-09-19T10:00:00",
    "dateReserved": "2014-01-08T00:00:00",
    "dateUpdated": "2024-08-06T09:42:35.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-1391\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2014-09-19T10:55:03.403\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.\"},{\"lang\":\"es\",\"value\":\"QT Media Foundation en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero de v\u00eddeo con codificaci\u00f3n RLE.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D318511-0594-4EE0-BA09-1FA110CFDD17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D30B4B-DA63-40B0-B0C9-F3992CF25706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48A5310-A589-4E9B-99BC-F840CC1A6A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F241EBFB-CCB3-4D16-B476-AC1578D3C435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEAD650-87D1-49BB-A8C7-BA39FD47285C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BB54764-186F-490D-A17A-4FA1180A854B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0D6629C-8842-4AC1-99BC-A0F9A2967B54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8751C7BF-EDDA-4B23-9BE4-5F62B409198D\"}]}]}],\"references\":[{\"url\":\"http://support.apple.com/kb/HT6443\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/69907\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1030868\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/96049\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/kb/HT6493\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT6443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/69907\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/96049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT6493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-8gj9-x892-w96j

Vulnerability from github

Published

2022-05-17 01:27

Modified

2022-05-17 01:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-09-19T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.",
  "id": "GHSA-8gj9-x892-w96j",
  "modified": "2022-05-17T01:27:13Z",
  "published": "2022-05-17T01:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1391"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT6493"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6443"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/69907"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030868"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Apple Safari versions antérieures à 6.2
Apple	N/A	Apple OS X Server versions antérieures à 3.2.1
Apple	N/A	Apple iOS versions antérieures à 8
Apple	N/A	Apple OS X Mavericks versions antérieures à 10.9.5
Apple	N/A	Apple TV versions antérieures à 7
Apple	N/A	Apple Xcode versions antérieures à 6.0.1
Apple	Safari	Apple Safari versions antérieures à 7.1
Apple	N/A	Apple OS X Server versions antérieures à 2.2.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT6449 du 17 septembre 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6442 du 17 septembre 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6448 du 17 septembre 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6441 du 17 septembre 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6443 du 17 septembre 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6444 du 17 septembre 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6440 du 17 septembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 6.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Server versions ant\u00e9rieures \u00e0 3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple TV versions ant\u00e9rieures \u00e0 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Xcode versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 7.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Server versions ant\u00e9rieures \u00e0 2.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4396"
    },
    {
      "name": "CVE-2014-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1389"
    },
    {
      "name": "CVE-2014-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4424"
    },
    {
      "name": "CVE-2014-3479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3479"
    },
    {
      "name": "CVE-2014-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4394"
    },
    {
      "name": "CVE-2014-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0238"
    },
    {
      "name": "CVE-2014-1348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1348"
    },
    {
      "name": "CVE-2014-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4410"
    },
    {
      "name": "CVE-2014-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
    },
    {
      "name": "CVE-2014-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0207"
    },
    {
      "name": "CVE-2014-4369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4369"
    },
    {
      "name": "CVE-2014-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4378"
    },
    {
      "name": "CVE-2014-4379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4379"
    },
    {
      "name": "CVE-2014-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4375"
    },
    {
      "name": "CVE-2014-4406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4406"
    },
    {
      "name": "CVE-2014-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
    },
    {
      "name": "CVE-2014-4377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4377"
    },
    {
      "name": "CVE-2014-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4395"
    },
    {
      "name": "CVE-2014-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4418"
    },
    {
      "name": "CVE-2014-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4399"
    },
    {
      "name": "CVE-2014-4397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4397"
    },
    {
      "name": "CVE-2013-6835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6835"
    },
    {
      "name": "CVE-2014-4366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4366"
    },
    {
      "name": "CVE-2014-4422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4422"
    },
    {
      "name": "CVE-2014-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4367"
    },
    {
      "name": "CVE-2014-4398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4398"
    },
    {
      "name": "CVE-2014-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4380"
    },
    {
      "name": "CVE-2014-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0185"
    },
    {
      "name": "CVE-2014-4364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4364"
    },
    {
      "name": "CVE-2014-4372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4372"
    },
    {
      "name": "CVE-2014-4362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4362"
    },
    {
      "name": "CVE-2014-0032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0032"
    },
    {
      "name": "CVE-2014-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4415"
    },
    {
      "name": "CVE-2014-4411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4411"
    },
    {
      "name": "CVE-2014-4350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4350"
    },
    {
      "name": "CVE-2014-3515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3515"
    },
    {
      "name": "CVE-2014-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1385"
    },
    {
      "name": "CVE-2014-4368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4368"
    },
    {
      "name": "CVE-2014-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0237"
    },
    {
      "name": "CVE-2014-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4409"
    },
    {
      "name": "CVE-2014-4403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4403"
    },
    {
      "name": "CVE-2014-4405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4405"
    },
    {
      "name": "CVE-2014-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4416"
    },
    {
      "name": "CVE-2014-4401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4401"
    },
    {
      "name": "CVE-2014-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2525"
    },
    {
      "name": "CVE-2014-4374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4374"
    },
    {
      "name": "CVE-2014-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0221"
    },
    {
      "name": "CVE-2014-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1388"
    },
    {
      "name": "CVE-2014-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4421"
    },
    {
      "name": "CVE-2014-1360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1360"
    },
    {
      "name": "CVE-2014-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
    },
    {
      "name": "CVE-2013-6663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6663"
    },
    {
      "name": "CVE-2014-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4413"
    },
    {
      "name": "CVE-2014-4376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4376"
    },
    {
      "name": "CVE-2014-4356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4356"
    },
    {
      "name": "CVE-2014-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4386"
    },
    {
      "name": "CVE-2014-1943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1943"
    },
    {
      "name": "CVE-2014-4381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4381"
    },
    {
      "name": "CVE-2014-4404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"
    },
    {
      "name": "CVE-2014-4353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4353"
    },
    {
      "name": "CVE-2014-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1384"
    },
    {
      "name": "CVE-2014-4383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4383"
    },
    {
      "name": "CVE-2014-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4390"
    },
    {
      "name": "CVE-2014-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4423"
    },
    {
      "name": "CVE-2014-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4412"
    },
    {
      "name": "CVE-2014-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4419"
    },
    {
      "name": "CVE-2014-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4420"
    },
    {
      "name": "CVE-2014-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1387"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4384"
    },
    {
      "name": "CVE-2014-4363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4363"
    },
    {
      "name": "CVE-2014-4400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4400"
    },
    {
      "name": "CVE-2014-1391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1391"
    },
    {
      "name": "CVE-2014-4408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4408"
    },
    {
      "name": "CVE-2014-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
    },
    {
      "name": "CVE-2014-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
    },
    {
      "name": "CVE-2014-4407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4407"
    },
    {
      "name": "CVE-2014-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3480"
    },
    {
      "name": "CVE-2014-3478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3478"
    },
    {
      "name": "CVE-2014-3470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
    },
    {
      "name": "CVE-2014-3981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3981"
    },
    {
      "name": "CVE-2014-4361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4361"
    },
    {
      "name": "CVE-2014-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
    },
    {
      "name": "CVE-2013-7345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7345"
    },
    {
      "name": "CVE-2014-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4389"
    },
    {
      "name": "CVE-2014-4357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4357"
    },
    {
      "name": "CVE-2013-5227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5227"
    },
    {
      "name": "CVE-2014-4979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4979"
    },
    {
      "name": "CVE-2014-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
    },
    {
      "name": "CVE-2014-4371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4371"
    },
    {
      "name": "CVE-2014-4402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4402"
    },
    {
      "name": "CVE-2014-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4373"
    },
    {
      "name": "CVE-2014-4393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4393"
    },
    {
      "name": "CVE-2014-2270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2270"
    },
    {
      "name": "CVE-2014-4352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4352"
    },
    {
      "name": "CVE-2014-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
    },
    {
      "name": "CVE-2014-4414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4414"
    },
    {
      "name": "CVE-2014-4354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4354"
    },
    {
      "name": "CVE-2014-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4388"
    },
    {
      "name": "CVE-2014-3487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3487"
    },
    {
      "name": "CVE-2014-4049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4049"
    },
    {
      "name": "CVE-2011-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
    },
    {
      "name": "CVE-2014-0066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
    }
  ],
  "initial_release_date": "2014-09-18T00:00:00",
  "last_revision_date": "2014-09-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-393",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-09-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6449 du 17 septembre 2014",
      "url": "http://support.apple.com/kb/HT6449"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6442 du 17 septembre 2014",
      "url": "http://support.apple.com/kb/HT6442"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6448 du 17 septembre 2014",
      "url": "http://support.apple.com/kb/HT6448"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6441 du 17 septembre 2014",
      "url": "http://support.apple.com/kb/HT6441"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6443 du 17 septembre 2014",
      "url": "http://support.apple.com/kb/HT6443"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6444 du 17 septembre 2014",
      "url": "http://support.apple.com/kb/HT6444"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6440 du 17 septembre 2014",
      "url": "http://support.apple.com/kb/HT6440"
    }
  ]
}

CERTFR-2014-AVI-441

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple QuickTime. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

QuickTime versions antérieures à 7.7.6

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 22 octobre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eQuickTime versions ant\u00e9rieures \u00e0 7.7.6\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4350"
    },
    {
      "name": "CVE-2014-1391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1391"
    },
    {
      "name": "CVE-2014-4979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4979"
    },
    {
      "name": "CVE-2014-4351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4351"
    }
  ],
  "initial_release_date": "2014-10-23T00:00:00",
  "last_revision_date": "2014-10-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-441",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-10-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple QuickTime\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 22 octobre 2014",
      "url": "https://support.apple.com/kb/HT6493"
    }
  ]
}

gsd-2014-1391

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-1391

Aliases

CVE-2014-1391

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1391",
    "description": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.",
    "id": "GSD-2014-1391"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1391"
      ],
      "details": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.",
      "id": "GSD-2014-1391",
      "modified": "2023-12-13T01:22:50.973113Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2014-1391",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/kb/HT6493",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT6493"
          },
          {
            "name": "1030868",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030868"
          },
          {
            "name": "http://support.apple.com/kb/HT6443",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "69907",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/69907"
          },
          {
            "name": "macosx-cve20141391-code-exec(96049)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1391"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT6443",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "https://support.apple.com/kb/HT6493",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT6493"
            },
            {
              "name": "1030868",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030868"
            },
            {
              "name": "69907",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/69907"
            },
            {
              "name": "macosx-cve20141391-code-exec(96049)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:34Z",
      "publishedDate": "2014-09-19T10:55Z"
    }
  }
}

var-201409-0533

Vulnerability from variot

QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RLE encoded data in the mdat atom. An attacker can use this flaw to write outside the allocated buffer, which could allow for the execution of arbitrary code in the context of the current process. Apple Mac OS X is prone to a memory-corruption vulnerability because it fails to perform adequate bounds checks on user-supplied input. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Apple OS X is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in QT Media Foundation versions prior to Apple OS X 10.9.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004

OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following:

apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in PHP 5.4.24 Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30 CVE-ID CVE-2013-7345 CVE-2014-0185 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049

Bluetooth Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4390 : Ian Beer of Google Project Zero

CoreGraphics Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

CoreGraphics Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

Foundation Available for: OS X Mavericks 10.9 to 10.9.4 Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4393 : Apple

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-4394 : Ian Beer of Google Project Zero CVE-2014-4395 : Ian Beer of Google Project Zero CVE-2014-4396 : Ian Beer of Google Project Zero CVE-2014-4397 : Ian Beer of Google Project Zero CVE-2014-4398 : Ian Beer of Google Project Zero CVE-2014-4399 : Ian Beer of Google Project Zero CVE-2014-4400 : Ian Beer of Google Project Zero CVE-2014-4401 : Ian Beer of Google Project Zero CVE-2014-4416 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4376 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4402 : Ian Beer of Google Project Zero

IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4379 : Ian Beer of Google Project Zero

IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam

IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero

Kernel Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses. CVE-ID CVE-2014-4403 : Ian Beer of Google Project Zero

Libnotify Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero

OpenSSL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative

ruby Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issues by updating LibYAML to version 0.1.6 CVE-ID CVE-2014-2525

Note: OS X Mavericks 10.9.5 includes the security content of Safari 7.0.6: http://support.apple.com/kb/HT6367

OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+ Ct0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh CiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V sCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1 hFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ Jb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw ZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW 5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA 3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl QHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP kCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf k4w2RKNm0Fv+kdNoFAnd =gpVc -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0533",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "apple",
        "version": "10.7.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9 to  10.9.4"
      },
      {
        "model": "quicktime",
        "scope": null,
        "trust": 0.7,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.7.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.7.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.8"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.7"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.6(1671)"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.5.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1.70"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.7"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.64.17.73"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6.9"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "db": "BID",
        "id": "69907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1391"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tom Gallagher \u0026 Paul Bates",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-325"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-1391",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-1391",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 2.5,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-69330",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1391",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1391",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-1391",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-699",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69330",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1391"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RLE encoded data in the mdat atom. An attacker can use this flaw to write outside the allocated buffer, which could allow for the execution of arbitrary code in the context of the current process. Apple Mac OS X is prone to a memory-corruption vulnerability because it fails to perform adequate bounds checks on user-supplied input. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Apple OS X is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in QT Media Foundation versions prior to Apple OS X 10.9.5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update\n2014-004\n\nOS X Mavericks 10.9.5 and Security Update 2014-004 are now available\nand address the following:\n\napache_mod_php\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  Multiple vulnerabilities in PHP 5.4.24\nDescription:  Multiple vulnerabilities existed in PHP 5.4.24, the\nmost serious of which may have led to arbitrary code execution. This\nupdate addresses the issues by updating PHP to version 5.4.30\nCVE-ID\nCVE-2013-7345\nCVE-2014-0185\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-1943\nCVE-2014-2270\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3515\nCVE-2014-3981\nCVE-2014-4049\n\nBluetooth\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in the handling of a\nBluetooth API call. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4390 : Ian Beer of Google Project Zero\n\nCoreGraphics\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or an information disclosure\nDescription:  An out of bounds memory read existed in the handling of\nPDF files. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nCoreGraphics\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nFoundation\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  An application using NSXMLParser may be misused to disclose\ninformation\nDescription:  An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  Compiling untrusted GLSL shaders may lead to an unexpected\napplication termination or arbitrary code execution\nDescription:  A user-space buffer overflow existed in the shader\ncompiler. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4393 : Apple\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple validation issues existed in some integrated\ngraphics driver routines. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4394 : Ian Beer of Google Project Zero\nCVE-2014-4395 : Ian Beer of Google Project Zero\nCVE-2014-4396 : Ian Beer of Google Project Zero\nCVE-2014-4397 : Ian Beer of Google Project Zero\nCVE-2014-4398 : Ian Beer of Google Project Zero\nCVE-2014-4399 : Ian Beer of Google Project Zero\nCVE-2014-4400 : Ian Beer of Google Project Zero\nCVE-2014-4401 : Ian Beer of Google Project Zero\nCVE-2014-4416 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through improved\nvalidation of IOKit API arguments. \nCVE-ID\nCVE-2014-4376 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An out-of-bounds read issue existed in the handling of\nan IOAcceleratorFamily function. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4402 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription:  An out-of-bounds read issue existed in the handling of\nan IOHIDFamily function. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-4379 : Ian Beer of Google Project Zero\n\nIOKit\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4388 : @PanguTeam\n\nIOKit\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  A local user can infer kernel addresses and bypass kernel\naddress space layout randomization\nDescription:  In some cases, the CPU Global Descriptor Table was\nallocated at a predictable address. This issue was addressed through\nalways allocating the Global Descriptor Table at random addresses. \nCVE-ID\nCVE-2014-4403 : Ian Beer of Google Project Zero\n\nLibnotify\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription:  An out-of-bounds write issue existed in Libnotify. This\nissue was addressed through improved bounds checking\nCVE-ID\nCVE-2014-4381 : Ian Beer of Google Project Zero\n\nOpenSSL\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact:  Multiple vulnerabilities in OpenSSL 0.9.8y, including one\nthat may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in OpenSSL 0.9.8y. \nThis update was addressed by updating OpenSSL to version 0.9.8za. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom\nGallagher \u0026 Paul Bates working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact:  Playing a maliciously crafted MIDI file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in the handling of MIDI\nfiles. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4979 : Andrea Micalizzi aka rgod working with HP\u0027s Zero Day\nInitiative\n\nruby\nAvailable for:  OS X Mavericks 10.9 to 10.9.4\nImpact:  A remote attacker may be able to cause arbitrary code\nexecution\nDescription:  A heap buffer overflow existed in LibYAML\u0027s handling of\npercent-encoded characters in a URI. This issue was addressed through\nimproved bounds checking. This update addresses the issues by\nupdating LibYAML to version 0.1.6\nCVE-ID\nCVE-2014-2525\n\n\nNote: OS X Mavericks 10.9.5 includes the security content of\nSafari 7.0.6: http://support.apple.com/kb/HT6367\n\nOS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+\nCt0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh\nCiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V\nsCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1\nhFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ\nJb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw\nZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW\n5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA\n3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl\nQHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP\nkCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf\nk4w2RKNm0Fv+kdNoFAnd\n=gpVc\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1391"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "db": "BID",
        "id": "69907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69330"
      },
      {
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "db": "PACKETSTORM",
        "id": "128840"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1391",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "69907",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1030868",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU93868849",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1996",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-325",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "128840",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-69330",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128315",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69330"
      },
      {
        "db": "BID",
        "id": "69907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "db": "PACKETSTORM",
        "id": "128840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1391"
      }
    ]
  },
  "id": "VAR-201409-0533",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69330"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:18:58.943000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT6443",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6443"
      },
      {
        "title": "HT6443",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6443?viewlocale=ja_JP"
      },
      {
        "title": "Apple has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://support.apple.com/kb/HT1222"
      },
      {
        "title": "OSXUpd10.9.5",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51639"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1391"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/69907"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht6493"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030868"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
      },
      {
        "trust": 0.9,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1391"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93868849/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1391"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4350"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1391"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4378"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4376"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4377"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2525"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
      },
      {
        "trust": 0.1,
        "url": "http://www.vsecurity.com/)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht6367"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4374"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4979"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "db": "PACKETSTORM",
        "id": "128840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1391"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69330"
      },
      {
        "db": "BID",
        "id": "69907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "db": "PACKETSTORM",
        "id": "128840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1391"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "date": "2014-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69330"
      },
      {
        "date": "2014-09-17T00:00:00",
        "db": "BID",
        "id": "69907"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "date": "2014-09-19T15:26:13",
        "db": "PACKETSTORM",
        "id": "128315"
      },
      {
        "date": "2014-10-24T20:29:35",
        "db": "PACKETSTORM",
        "id": "128840"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      },
      {
        "date": "2014-09-19T10:55:03.403000",
        "db": "NVD",
        "id": "CVE-2014-1391"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-325"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69330"
      },
      {
        "date": "2014-10-29T00:58:00",
        "db": "BID",
        "id": "69907"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      },
      {
        "date": "2014-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      },
      {
        "date": "2024-11-21T02:04:12.703000",
        "db": "NVD",
        "id": "CVE-2014-1391"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X of  QT Media Foundation Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004334"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-699"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2014-1391

Vulnerability from fkie_nvd

Published

2014-09-19 10:55

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://support.apple.com/kb/HT6443	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/69907
product-security@apple.com	http://www.securitytracker.com/id/1030868
product-security@apple.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/96049
product-security@apple.com	https://support.apple.com/kb/HT6493
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6443	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69907
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030868
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/96049
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT6493

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.7.5
apple	mac_os_x	10.8.5
apple	mac_os_x	10.9
apple	mac_os_x	10.9.1
apple	mac_os_x	10.9.2
apple	mac_os_x	10.9.3
apple	mac_os_x	10.9.4
apple	mac_os_x_server	10.7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D318511-0594-4EE0-BA09-1FA110CFDD17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A5310-A589-4E9B-99BC-F840CC1A6A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F241EBFB-CCB3-4D16-B476-AC1578D3C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AEAD650-87D1-49BB-A8C7-BA39FD47285C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BB54764-186F-490D-A17A-4FA1180A854B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0D6629C-8842-4AC1-99BC-A0F9A2967B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8751C7BF-EDDA-4B23-9BE4-5F62B409198D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
    },
    {
      "lang": "es",
      "value": "QT Media Foundation en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero de v\u00eddeo con codificaci\u00f3n RLE."
    }
  ],
  "id": "CVE-2014-1391",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-09-19T10:55:03.403",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT6443"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/69907"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1030868"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/kb/HT6493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT6443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT6493"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-1391 (GCVE-0-2014-1391)

Vulnerability from cvelistv5

ghsa-8gj9-x892-w96j

Vulnerability from github

CERTFR-2014-AVI-393

Vulnerability from certfr_avis

Solution

CERTFR-2014-AVI-441

Vulnerability from certfr_avis

Solution

gsd-2014-1391

Vulnerability from gsd

var-201409-0533

Vulnerability from variot

fkie_cve-2014-1391

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature