Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-AVI-019
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités ont été découvertes dans QuickTime permettant l'exécution de code arbitraire à distance ou la réalisation d'un déni de service.
Description
- Une vulnérabilité a été découverte dans le traitement des images au format QTIF (QuickTime Image). Un utilisateur mal intentionné peut, par le biais d'une image au format QTIF malicieusement constituée, exécuter du code arbitraire à distance (CVE-2005-2340) ;
- une vulnérabilité a été découverte dans le traitement des images au format TGA (Truevision Targa Graphic). Un utilisateur mal intentionné peut, par le biais d'une image au format TGA malicieusement constituée, exécuter du code arbitraire à distance ou réaliser un déni de service (CVE-2005-3707, CVE-2005-3708, CVE-2005-3709) ;
- une vulnérabilité a été découverte dans le traitement des images au format TIFF (Tagged Image File Format). Un utilisateur mal intentionné peut, par le biais d'une image au format TIFF malicieusement constituée, exécuter du code arbitraire à distance ou réaliser un déni de service (CVE-2005-3710, CVE-2005-3711) ;
- une vulnérabilité a été découverte dans le traitement des images au format GIF (Graphic Interchange Format). Un utilisateur mal intentionné peut, par le biais d'une image au format GIF malicieusement constituée, exécuter du code arbitraire à distance (CVE-2005-3713) ;
- une vulnérabilité a été découverte dans le traitement des fichiers media. Un utilisateur mal intentionné peut, par le biais d'un fichier media malicieusement constitué, exécuter du code arbitraire à distance (CVE-2005-4092).
Solution
Mettre à jour QuickTime en version 7.0.4 (voir Documentation).
QuickTime versions 7.0.3 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003e\u003cTT\u003eQuickTime\u003c/TT\u003e versions 7.0.3 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Description\n\n- Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des images au\n format QTIF (QuickTime Image). Un utilisateur mal intentionn\u00e9 peut,\n par le biais d\u0027une image au format QTIF malicieusement constitu\u00e9e,\n ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2005-2340) ;\n- une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des images au\n format TGA (Truevision Targa Graphic). Un utilisateur mal\n intentionn\u00e9 peut, par le biais d\u0027une image au format TGA\n malicieusement constitu\u00e9e, ex\u00e9cuter du code arbitraire \u00e0 distance ou\n r\u00e9aliser un d\u00e9ni de service (CVE-2005-3707, CVE-2005-3708,\n CVE-2005-3709) ;\n- une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des images au\n format TIFF (Tagged Image File Format). Un utilisateur mal\n intentionn\u00e9 peut, par le biais d\u0027une image au format TIFF\n malicieusement constitu\u00e9e, ex\u00e9cuter du code arbitraire \u00e0 distance ou\n r\u00e9aliser un d\u00e9ni de service (CVE-2005-3710, CVE-2005-3711) ;\n- une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des images au\n format GIF (Graphic Interchange Format). Un utilisateur mal\n intentionn\u00e9 peut, par le biais d\u0027une image au format GIF\n malicieusement constitu\u00e9e, ex\u00e9cuter du code arbitraire \u00e0 distance\n (CVE-2005-3713) ;\n- une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des fichiers\n media. Un utilisateur mal intentionn\u00e9 peut, par le biais d\u0027un\n fichier media malicieusement constitu\u00e9, ex\u00e9cuter du code arbitraire\n \u00e0 distance (CVE-2005-4092).\n\n## Solution\n\nMettre \u00e0 jour QuickTime en version 7.0.4 (voir Documentation).\n",
"cves": [
{
"name": "CVE-2005-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3709"
},
{
"name": "CVE-2005-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3711"
},
{
"name": "CVE-2005-3708",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3708"
},
{
"name": "CVE-2005-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3710"
},
{
"name": "CVE-2005-2340",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2340"
},
{
"name": "CVE-2005-4092",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4092"
},
{
"name": "CVE-2005-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3707"
},
{
"name": "CVE-2005-3713",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3713"
}
],
"links": [
{
"title": "T\u00e9l\u00e9chargement de la version 7.0.4 de QuickTime :",
"url": "http://www.apple.com/quicktime"
}
],
"reference": "CERTA-2006-AVI-019",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans QuickTime permettant\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance ou la r\u00e9alisation d\u0027un d\u00e9ni de\nservice.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans QuickTime",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 10 janvier 2006",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
}
]
}
CVE-2005-2340 (GCVE-0-2005-2340)
Vulnerability from cvelistv5 – Published: 2006-01-11 18:00 – Updated: 2024-08-07 22:22
VLAI?
EPSS
Summary
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#687201",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/687201"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"
},
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "22335",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22335"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-qtif-bo(24054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054"
},
{
"name": "22333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22333"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "22334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22334"
},
{
"name": "16212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16212"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cirt.dk/advisories/cirt-41-advisory.pdf"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "332",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/332"
},
{
"name": "20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html"
},
{
"name": "1015463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015463"
},
{
"name": "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"name": "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421566/100/0/threaded"
},
{
"name": "VU#629845",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/629845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#687201",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/687201"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"
},
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "22335",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22335"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-qtif-bo(24054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054"
},
{
"name": "22333",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22333"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "22334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22334"
},
{
"name": "16212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16212"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cirt.dk/advisories/cirt-41-advisory.pdf"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "332",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/332"
},
{
"name": "20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html"
},
{
"name": "1015463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015463"
},
{
"name": "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"name": "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421566/100/0/threaded"
},
{
"name": "VU#629845",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/629845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-2340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#687201",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/687201"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"
},
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "22335",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22335"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-qtif-bo(24054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054"
},
{
"name": "22333",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22333"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "22334",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22334"
},
{
"name": "16212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16212"
},
{
"name": "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
"refsource": "MISC",
"url": "http://www.cirt.dk/advisories/cirt-41-advisory.pdf"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "332",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/332"
},
{
"name": "20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html"
},
{
"name": "1015463",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015463"
},
{
"name": "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"name": "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421566/100/0/threaded"
},
{
"name": "VU#629845",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/629845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-2340",
"datePublished": "2006-01-11T18:00:00",
"dateReserved": "2005-07-21T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3713 (GCVE-0-2005-3713)
Vulnerability from cvelistv5 – Published: 2006-01-11 18:00 – Updated: 2024-08-07 23:24
VLAI?
EPSS
Summary
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"
},
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-gif-bo(24060)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"
},
{
"name": "333",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/333"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "1015466",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015466"
},
{
"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "VU#913449",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/913449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"
},
{
"name": "22338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22338"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"
},
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-gif-bo(24060)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"
},
{
"name": "333",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/333"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "1015466",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015466"
},
{
"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "VU#913449",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/913449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"
},
{
"name": "22338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22338"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"
},
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-gif-bo(24060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"
},
{
"name": "333",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/333"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "1015466",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015466"
},
{
"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "VU#913449",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/913449"
},
{
"name": "http://www.eeye.com/html/research/advisories/AD20060111d.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"
},
{
"name": "22338",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22338"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3713",
"datePublished": "2006-01-11T18:00:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3709 (GCVE-0-2005-3709)
Vulnerability from cvelistv5 – Published: 2006-01-11 18:00 – Updated: 2024-08-07 23:24
VLAI?
EPSS
Summary
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "1015464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "quicktime-tga-underflow(24058)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24058"
},
{
"name": "20060112 Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0447.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "1015464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "quicktime-tga-underflow(24058)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24058"
},
{
"name": "20060112 Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0447.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "1015464",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "quicktime-tga-underflow(24058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24058"
},
{
"name": "20060112 Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0447.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3709",
"datePublished": "2006-01-11T18:00:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3707 (GCVE-0-2005-3707)
Vulnerability from cvelistv5 – Published: 2006-01-11 18:00 – Updated: 2024-08-07 23:24
VLAI?
EPSS
Summary
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "quicktime-tga-bo(24056)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "20060112 Fortinet Security Advisory: \"Apple QuickTime Player Improper Memory Access Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html"
},
{
"name": "1015464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "VU#115729",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/115729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "quicktime-tga-bo(24056)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "20060112 Fortinet Security Advisory: \"Apple QuickTime Player Improper Memory Access Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html"
},
{
"name": "1015464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "VU#115729",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/115729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "quicktime-tga-bo(24056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056"
},
{
"name": "TA06-011A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "20060112 Fortinet Security Advisory: \"Apple QuickTime Player Improper Memory Access Vulnerability\"",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html"
},
{
"name": "1015464",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "VU#115729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/115729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3707",
"datePublished": "2006-01-11T18:00:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3711 (GCVE-0-2005-3711)
Vulnerability from cvelistv5 – Published: 2006-01-11 18:00 – Updated: 2024-08-07 23:24
VLAI?
EPSS
Summary
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421831/100/0/threaded"
},
{
"name": "quicktime-tiff-overflow(24059)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
},
{
"name": "1015465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015465"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421799/100/0/threaded"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0442.html"
},
{
"name": "22337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) \"strips\" (StripByteCounts) or (2) \"bands\" (StripOffsets) values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421831/100/0/threaded"
},
{
"name": "quicktime-tiff-overflow(24059)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
},
{
"name": "1015465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015465"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421799/100/0/threaded"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0442.html"
},
{
"name": "22337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22337"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) \"strips\" (StripByteCounts) or (2) \"bands\" (StripOffsets) values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421831/100/0/threaded"
},
{
"name": "quicktime-tiff-overflow(24059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
},
{
"name": "1015465",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015465"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421799/100/0/threaded"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0442.html"
},
{
"name": "22337",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3711",
"datePublished": "2006-01-11T18:00:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4092 (GCVE-0-2005-4092)
Vulnerability from cvelistv5 – Published: 2005-12-08 11:00 – Updated: 2024-08-07 23:31
VLAI?
EPSS
Summary
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:49.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18370"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3133"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060111 [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421635/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "15732",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15732"
},
{
"name": "1015356",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015356"
},
{
"name": "336",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/336"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security-protocols.com/advisory/sp-x21-advisory.txt"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-protocols.com/advisory/sp-x21-advisory.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/upcoming/20051117b.html"
},
{
"name": "334",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/334"
},
{
"name": "1015396",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015396"
},
{
"name": "VU#921193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/921193"
},
{
"name": "20060111 [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421569/100/0/threaded"
},
{
"name": "18149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3109"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/upcoming/20051117a.html"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"name": "ADV-2005-3012",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3012"
},
{
"name": "1015397",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18370"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3133"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060111 [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421635/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "15732",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15732"
},
{
"name": "1015356",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015356"
},
{
"name": "336",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/336"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security-protocols.com/advisory/sp-x21-advisory.txt"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-protocols.com/advisory/sp-x21-advisory.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/upcoming/20051117b.html"
},
{
"name": "334",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/334"
},
{
"name": "1015396",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015396"
},
{
"name": "VU#921193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/921193"
},
{
"name": "20060111 [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421569/100/0/threaded"
},
{
"name": "18149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3109"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/research/upcoming/20051117a.html"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"name": "ADV-2005-3012",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3012"
},
{
"name": "1015397",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3133",
"refsource": "MISC",
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3133"
},
{
"name": "TA06-011A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060111 [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421635/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "15732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15732"
},
{
"name": "1015356",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015356"
},
{
"name": "336",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/336"
},
{
"name": "http://security-protocols.com/advisory/sp-x21-advisory.txt",
"refsource": "MISC",
"url": "http://security-protocols.com/advisory/sp-x21-advisory.txt"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "http://www.security-protocols.com/advisory/sp-x21-advisory.txt",
"refsource": "MISC",
"url": "http://www.security-protocols.com/advisory/sp-x21-advisory.txt"
},
{
"name": "http://www.eeye.com/html/research/upcoming/20051117b.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/upcoming/20051117b.html"
},
{
"name": "334",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/334"
},
{
"name": "1015396",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015396"
},
{
"name": "VU#921193",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/921193"
},
{
"name": "20060111 [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421569/100/0/threaded"
},
{
"name": "18149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18149"
},
{
"name": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3109",
"refsource": "MISC",
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3109"
},
{
"name": "http://www.eeye.com/html/research/upcoming/20051117a.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/upcoming/20051117a.html"
},
{
"name": "20060111 Updated Advisories - Incorrect CVE Information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"name": "ADV-2005-3012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3012"
},
{
"name": "1015397",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4092",
"datePublished": "2005-12-08T11:00:00",
"dateReserved": "2005-12-08T00:00:00",
"dateUpdated": "2024-08-07T23:31:49.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3710 (GCVE-0-2005-3710)
Vulnerability from cvelistv5 – Published: 2006-01-11 18:00 – Updated: 2024-08-07 23:24
VLAI?
EPSS
Summary
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-tiff-overflow(24059)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
},
{
"name": "1015465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015465"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "VU#150753",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/150753"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
},
{
"name": "347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/347"
},
{
"name": "22337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-tiff-overflow(24059)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
},
{
"name": "1015465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015465"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "VU#150753",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/150753"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
},
{
"name": "347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/347"
},
{
"name": "22337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22337"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "TA06-011A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-tiff-overflow(24059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
},
{
"name": "1015465",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015465"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "VU#150753",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/150753"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
},
{
"name": "347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/347"
},
{
"name": "22337",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3710",
"datePublished": "2006-01-11T18:00:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3708 (GCVE-0-2005-3708)
Vulnerability from cvelistv5 – Published: 2006-01-11 18:00 – Updated: 2024-08-07 23:24
VLAI?
EPSS
Summary
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-tga-overflow(24057)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24057"
},
{
"name": "1015464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-tga-overflow(24057)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24057"
},
{
"name": "1015464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-tga-overflow(24057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24057"
},
{
"name": "1015464",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3708",
"datePublished": "2006-01-11T18:00:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…