cvelistv5 - CVE-2005-3710

CVE-2005-3710

Vulnerability from cvelistv5

Published

2006-01-11 18:00

Modified

2024-08-07 23:24

Severity ?

Summary

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=303101	Patch
cve@mitre.org	http://secunia.com/advisories/18370	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/347
cve@mitre.org	http://securitytracker.com/id?1015465
cve@mitre.org	http://www.kb.cert.org/vuls/id/150753	US Government Resource
cve@mitre.org	http://www.osvdb.org/22337
cve@mitre.org	http://www.securityfocus.com/archive/1/421797/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/16202	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-011A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0128	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24059

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:24:35.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18370"
          },
          {
            "name": "TA06-011A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
          },
          {
            "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2006-01-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=303101"
          },
          {
            "name": "quicktime-tiff-overflow(24059)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
          },
          {
            "name": "1015465",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015465"
          },
          {
            "name": "ADV-2006-0128",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0128"
          },
          {
            "name": "VU#150753",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/150753"
          },
          {
            "name": "16202",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16202"
          },
          {
            "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
          },
          {
            "name": "347",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/347"
          },
          {
            "name": "22337",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22337"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18370"
        },
        {
          "name": "TA06-011A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
        },
        {
          "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
        },
        {
          "name": "APPLE-SA-2006-01-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=303101"
        },
        {
          "name": "quicktime-tiff-overflow(24059)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
        },
        {
          "name": "1015465",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015465"
        },
        {
          "name": "ADV-2006-0128",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0128"
        },
        {
          "name": "VU#150753",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/150753"
        },
        {
          "name": "16202",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16202"
        },
        {
          "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
        },
        {
          "name": "347",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/347"
        },
        {
          "name": "22337",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22337"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3710",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18370"
            },
            {
              "name": "TA06-011A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
            },
            {
              "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
            },
            {
              "name": "APPLE-SA-2006-01-10",
              "refsource": "APPLE",
              "url": "http://docs.info.apple.com/article.html?artnum=303101"
            },
            {
              "name": "quicktime-tiff-overflow(24059)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
            },
            {
              "name": "1015465",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015465"
            },
            {
              "name": "ADV-2006-0128",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0128"
            },
            {
              "name": "VU#150753",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/150753"
            },
            {
              "name": "16202",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16202"
            },
            {
              "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
            },
            {
              "name": "347",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/347"
            },
            {
              "name": "22337",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22337"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3710",
    "datePublished": "2006-01-11T18:00:00",
    "dateReserved": "2005-11-16T00:00:00",
    "dateUpdated": "2024-08-07T23:24:35.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3710\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-12-31T05:00:00.000\",\"lastModified\":\"2018-10-19T15:38:54.153\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"02607C2D-80F9-454B-A82C-0F892826AA99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B488-129A-49EA-AF84-6077FCDBB898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758610B-3789-489E-A751-386D605E5A08\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=303101\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/18370\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/347\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015465\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/150753\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/22337\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/421797/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/16202\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-011A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0128\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24059\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

ghsa-jmfv-56fc-p5v2

Vulnerability from github

Published

2022-05-01 02:20

Modified

2022-05-01 02:20

Details

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3710"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-31T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.",
  "id": "GHSA-jmfv-56fc-p5v2",
  "modified": "2022-05-01T02:20:27Z",
  "published": "2022-05-01T02:20:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3710"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=303101"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18370"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/347"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015465"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/150753"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/22337"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16202"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Apple's QuickTime is a player for files and streaming media in a variety of different formats. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote integer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TIFF file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-03

Apple QuickTime Player ImageWidth Denial of Service Vulnerability

Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : Medium Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info

Description : Fortinet Security Research Team (FSRT) has discovered a Denial of Service Vulnerability in the Apple QuickTime Player. This is due to application failure to sanitize the parameter ImageWidth value while parsing TIFF image files.

Impact : Denial of Service

Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update.

Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update.

Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                    National Cyber Alert System

             Technical Cyber Security Alert TA06-011A

Apple QuickTime Vulnerabilities

Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT

Systems Affected

Apple QuickTime on systems running

 * Apple Mac OS X
 * Microsoft Windows XP
 * Microsoft Windows 2000

Overview

Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.

I. Description

Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713)

II. Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service.

III. Solution

Upgrade

Upgrade to QuickTime 7.0.4.

Appendix A. References

 * US-CERT Vulnerability Note VU#629845 -
   <http://www.kb.cert.org/vuls/id/629845>

 * US-CERT Vulnerability Note VU#921193 -
   <http://www.kb.cert.org/vuls/id/921193>

 * US-CERT Vulnerability Note VU#115729 -
   <http://www.kb.cert.org/vuls/id/115729>

 * US-CERT Vulnerability Note VU#150753 -
   <http://www.kb.cert.org/vuls/id/150753>

 * US-CERT Vulnerability Note VU#913449 -
   <http://www.kb.cert.org/vuls/id/913449>

 * CVE-2005-2340 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>

 * CVE-2005-4092 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>

 * CVE-2005-3707 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>

 * CVE-2005-3710 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>

 * CVE-2005-3713 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>

 * Security Content for QuickTime 7.0.4 -
   <http://docs.info.apple.com/article.html?artnum=303101>

 * QuickTime 7.0.4 -
   <http://www.apple.com/support/downloads/quicktime704.html>

 * About the Mac OS X 10.4.4 Update (Delta) -
   <http://docs.info.apple.com/article.html?artnum=302810>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-011A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2006 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

January 11, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0297",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "windows 2000",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "BID",
        "id": "16867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dejun Meng  vulnmonitor@fortinet.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-3710",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-14918",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3710",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#921193",
            "trust": 0.8,
            "value": "43.88"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#629845",
            "trust": 0.8,
            "value": "18.23"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#115729",
            "trust": 0.8,
            "value": "3.85"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#150753",
            "trust": 0.8,
            "value": "32.63"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#913449",
            "trust": 0.8,
            "value": "3.85"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-926",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14918",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Apple\u0027s QuickTime is a player for files and streaming media in a variety of different formats. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote integer-overflow vulnerability. \nThis issue presents itself when the application processes a specially crafted TIFF file. \nA successful attack can result in a remote compromise. \nVersions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-03\n\nApple QuickTime Player ImageWidth Denial of Service Vulnerability\n\nAdvisory Date      : January 12, 2006\nReported Date      : November 28, 2005\nVendor             : Apple computers\nAffected Products  : Apple QuickTime Player v7.0.3\nSeverity           : Medium\nReference      : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\n                 http://docs.info.apple.com/article.html?artnum=303101\n                 http://www.securityfocus.com/bid/16202/info\n\nDescription        :  Fortinet Security Research Team (FSRT) has\ndiscovered a Denial of Service Vulnerability in the Apple QuickTime\nPlayer. This is due to application failure to\nsanitize the parameter ImageWidth value while parsing TIFF image files. \n\nImpact             : Denial of Service\n\nSolution           : Apple Computers has released a security update for\nthis vulnerability, which is available for downloading from Apples\u0027s web\nsite under security update. \n\nFortinet Protection: Fortinet is protecting network from this\nvulnerability with latest IPS update. \n\nAcknowledgment     : Dejun Meng of Fortinet Security Research team found\nthis vulnerability. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n   \n                        National Cyber Alert System\n\n                 Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n   Original release date: January 11, 2006\n   Last revised: January 11, 2006\n   Source: US-CERT\n\nSystems Affected\n\n   Apple QuickTime on systems running\n\n     * Apple Mac OS X\n     * Microsoft Windows XP\n     * Microsoft Windows 2000\n\n\nOverview\n\n   Apple has released QuickTime 7.0.4 to correct multiple\n   vulnerabilities. The impacts of these vulnerabilities include\n   execution of arbitrary code and denial of service. \n\n\nI. Description\n\n   Apple QuickTime 7.0.4 resolves a number of image and media file\n   handling vulnerabilities. \n   (CAN-2005-3713)\n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. For information about\n   specific impacts, please see the Vulnerability Notes. Potential\n   consequences include remote execution of arbitrary code or commands\n   and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n   Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. References\n\n     * US-CERT Vulnerability Note VU#629845 -\n       \u003chttp://www.kb.cert.org/vuls/id/629845\u003e\n\n     * US-CERT Vulnerability Note VU#921193 -\n       \u003chttp://www.kb.cert.org/vuls/id/921193\u003e\n\n     * US-CERT Vulnerability Note VU#115729 -\n       \u003chttp://www.kb.cert.org/vuls/id/115729\u003e\n\n     * US-CERT Vulnerability Note VU#150753 -\n       \u003chttp://www.kb.cert.org/vuls/id/150753\u003e\n\n     * US-CERT Vulnerability Note VU#913449 -\n       \u003chttp://www.kb.cert.org/vuls/id/913449\u003e\n\n     * CVE-2005-2340 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340\u003e\n\n     * CVE-2005-4092 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092\u003e\n\n     * CVE-2005-3707 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\u003e\n\n     * CVE-2005-3710 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\u003e\n\n     * CVE-2005-3713 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713\u003e\n\n     * Security Content for QuickTime 7.0.4 -\n       \u003chttp://docs.info.apple.com/article.html?artnum=303101\u003e\n\n     * QuickTime 7.0.4 -\n       \u003chttp://www.apple.com/support/downloads/quicktime704.html\u003e\n\n     * About the Mac OS X 10.4.4 Update (Delta) -\n       \u003chttp://docs.info.apple.com/article.html?artnum=302810\u003e\n\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-011A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA06-011A Feedback VU#913449\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n\nRevision History\n\n   January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3710"
      },
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "BID",
        "id": "16867"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14918"
      },
      {
        "db": "PACKETSTORM",
        "id": "43079"
      },
      {
        "db": "PACKETSTORM",
        "id": "43062"
      }
    ],
    "trust": 5.76
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "18370",
        "trust": 4.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3710",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "16202",
        "trust": 2.6
      },
      {
        "db": "USCERT",
        "id": "TA06-011A",
        "trust": 2.6
      },
      {
        "db": "OSVDB",
        "id": "22337",
        "trust": 2.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#921193",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0128",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015465",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "347",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015466",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA06-011A",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8392",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8392\u203b8395\u203b8394\u203b8393",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8395",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8393",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8394",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-01-10",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "24059",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20060112 FORTINET ADVISORY - APPLE QUICKTIME PLAYER IMAGEWIDTH DENIAL OF SERVICE VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060112 FORTINET ADVISORY - APPLE QUICKTIME PLAYER IMAGEWIDTH DENIAL OF SERVICE VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "16867",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "43079",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-14918",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43062",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14918"
      },
      {
        "db": "BID",
        "id": "16867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "PACKETSTORM",
        "id": "43079"
      },
      {
        "db": "PACKETSTORM",
        "id": "43062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "id": "VAR-200512-0297",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14918"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:24:53.525000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Download the Standalone QuickTime Player",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/quicktime/download/standalone.html"
      },
      {
        "title": "TA23845",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ta23845?viewlocale=ja_jp"
      },
      {
        "title": "TA06-011A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14918"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.0,
        "url": "http://docs.info.apple.com/article.html?artnum=303101"
      },
      {
        "trust": 3.2,
        "url": "http://secunia.com/advisories/18370/"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/16202"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/150753"
      },
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/22337"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015465"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18370"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/347"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/0128"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710"
      },
      {
        "trust": 0.8,
        "url": "http://www.eeye.com/html/research/advisories/ad20060111a.html"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=22337"
      },
      {
        "trust": 0.8,
        "url": "http://www.eeye.com/html/research/advisories/ad20060111d.html"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2006/jan/1015466.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-011a/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/629845"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/921193"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/115729"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/913449"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/0128"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/24059"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/421797/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/8392\u203b8395\u203b8394\u203b8393"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3710"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/bid/16202/info"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/913449\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-4092"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/629845\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=302810\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/115729\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3707"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime704.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2340"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/921193\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3713"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/150753\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=303101\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14918"
      },
      {
        "db": "BID",
        "id": "16867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "PACKETSTORM",
        "id": "43079"
      },
      {
        "db": "PACKETSTORM",
        "id": "43062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14918"
      },
      {
        "db": "BID",
        "id": "16867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "PACKETSTORM",
        "id": "43079"
      },
      {
        "db": "PACKETSTORM",
        "id": "43062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14918"
      },
      {
        "date": "2006-01-10T00:00:00",
        "db": "BID",
        "id": "16867"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "date": "2006-01-15T16:42:59",
        "db": "PACKETSTORM",
        "id": "43079"
      },
      {
        "date": "2006-01-15T15:39:24",
        "db": "PACKETSTORM",
        "id": "43062"
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      },
      {
        "date": "2005-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-01-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "date": "2006-01-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "date": "2006-01-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "date": "2006-01-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "date": "2018-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14918"
      },
      {
        "date": "2008-05-01T21:16:00",
        "db": "BID",
        "id": "16867"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "date": "2006-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      },
      {
        "date": "2018-10-19T15:38:54.153000",
        "db": "NVD",
        "id": "CVE-2005-3710"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "43079"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime fails to properly handle corrupt media files",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-926"
      }
    ],
    "trust": 0.6
  }
}

gsd-2005-3710

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.

Aliases

CVE-2005-3710

Aliases

CVE-2005-3710

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3710",
    "description": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.",
    "id": "GSD-2005-3710"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3710"
      ],
      "details": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.",
      "id": "GSD-2005-3710",
      "modified": "2023-12-13T01:20:12.490634Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3710",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "18370",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18370"
          },
          {
            "name": "TA06-011A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
          },
          {
            "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2006-01-10",
            "refsource": "APPLE",
            "url": "http://docs.info.apple.com/article.html?artnum=303101"
          },
          {
            "name": "quicktime-tiff-overflow(24059)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
          },
          {
            "name": "1015465",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015465"
          },
          {
            "name": "ADV-2006-0128",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/0128"
          },
          {
            "name": "VU#150753",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/150753"
          },
          {
            "name": "16202",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16202"
          },
          {
            "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
          },
          {
            "name": "347",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/347"
          },
          {
            "name": "22337",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/22337"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3710"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2006-01-10",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=303101"
            },
            {
              "name": "16202",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/16202"
            },
            {
              "name": "18370",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18370"
            },
            {
              "name": "TA06-011A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
            },
            {
              "name": "VU#150753",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/150753"
            },
            {
              "name": "22337",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/22337"
            },
            {
              "name": "1015465",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015465"
            },
            {
              "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
            },
            {
              "name": "347",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/347"
            },
            {
              "name": "ADV-2006-0128",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0128"
            },
            {
              "name": "quicktime-tiff-overflow(24059)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
            },
            {
              "name": "20060112 Fortinet Advisory - Apple QuickTime Player ImageWidth Denial of Service Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:38Z",
      "publishedDate": "2005-12-31T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-3710

Vulnerability from cvelistv5

ghsa-jmfv-56fc-p5v2

Vulnerability from github

var-200512-0297

Vulnerability from variot

gsd-2005-3710

Vulnerability from gsd

Tags

Sightings

Nomenclature