Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-1391 (GCVE-0-2014-1391)
Vulnerability from cvelistv5 – Published: 2014-09-19 10:00 – Updated: 2024-08-06 09:42
VLAI?
EPSS
Summary
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6493"
},
{
"name": "1030868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030868"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "69907",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69907"
},
{
"name": "macosx-cve20141391-code-exec(96049)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6493"
},
{
"name": "1030868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030868"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "69907",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69907"
},
{
"name": "macosx-cve20141391-code-exec(96049)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6493",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6493"
},
{
"name": "1030868",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030868"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "69907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69907"
},
{
"name": "macosx-cve20141391-code-exec(96049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-1391",
"datePublished": "2014-09-19T10:00:00",
"dateReserved": "2014-01-08T00:00:00",
"dateUpdated": "2024-08-06T09:42:35.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D318511-0594-4EE0-BA09-1FA110CFDD17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3D30B4B-DA63-40B0-B0C9-F3992CF25706\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A48A5310-A589-4E9B-99BC-F840CC1A6A44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F241EBFB-CCB3-4D16-B476-AC1578D3C435\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AEAD650-87D1-49BB-A8C7-BA39FD47285C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BB54764-186F-490D-A17A-4FA1180A854B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0D6629C-8842-4AC1-99BC-A0F9A2967B54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8751C7BF-EDDA-4B23-9BE4-5F62B409198D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.\"}, {\"lang\": \"es\", \"value\": \"QT Media Foundation en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria y ca\\u00edda de la aplicaci\\u00f3n) a trav\\u00e9s de un fichero de v\\u00eddeo con codificaci\\u00f3n RLE.\"}]",
"id": "CVE-2014-1391",
"lastModified": "2024-11-21T02:04:12.703",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2014-09-19T10:55:03.403",
"references": "[{\"url\": \"http://support.apple.com/kb/HT6443\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/69907\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securitytracker.com/id/1030868\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/96049\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/kb/HT6493\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://support.apple.com/kb/HT6443\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/69907\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1030868\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/96049\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT6493\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-1391\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2014-09-19T10:55:03.403\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.\"},{\"lang\":\"es\",\"value\":\"QT Media Foundation en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero de v\u00eddeo con codificaci\u00f3n RLE.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D318511-0594-4EE0-BA09-1FA110CFDD17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D30B4B-DA63-40B0-B0C9-F3992CF25706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48A5310-A589-4E9B-99BC-F840CC1A6A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F241EBFB-CCB3-4D16-B476-AC1578D3C435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEAD650-87D1-49BB-A8C7-BA39FD47285C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BB54764-186F-490D-A17A-4FA1180A854B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0D6629C-8842-4AC1-99BC-A0F9A2967B54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8751C7BF-EDDA-4B23-9BE4-5F62B409198D\"}]}]}],\"references\":[{\"url\":\"http://support.apple.com/kb/HT6443\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/69907\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1030868\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/96049\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/kb/HT6493\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT6443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/69907\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/96049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT6493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
FKIE_CVE-2014-1391
Vulnerability from fkie_nvd - Published: 2014-09-19 10:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D318511-0594-4EE0-BA09-1FA110CFDD17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A48A5310-A589-4E9B-99BC-F840CC1A6A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F241EBFB-CCB3-4D16-B476-AC1578D3C435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEAD650-87D1-49BB-A8C7-BA39FD47285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB54764-186F-490D-A17A-4FA1180A854B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D6629C-8842-4AC1-99BC-A0F9A2967B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8751C7BF-EDDA-4B23-9BE4-5F62B409198D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
},
{
"lang": "es",
"value": "QT Media Foundation en Apple OS X anterior a 10.9.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero de v\u00eddeo con codificaci\u00f3n RLE."
}
],
"id": "CVE-2014-1391",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-19T10:55:03.403",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6443"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/69907"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1030868"
},
{
"source": "product-security@apple.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
},
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/kb/HT6493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT6493"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-201409-0533
Vulnerability from variot - Updated: 2023-12-18 11:09QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RLE encoded data in the mdat atom. An attacker can use this flaw to write outside the allocated buffer, which could allow for the execution of arbitrary code in the context of the current process. Apple Mac OS X is prone to a memory-corruption vulnerability because it fails to perform adequate bounds checks on user-supplied input. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Apple OS X is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in QT Media Foundation versions prior to Apple OS X 10.9.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following:
apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in PHP 5.4.24 Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30 CVE-ID CVE-2013-7345 CVE-2014-0185 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049
Bluetooth Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4390 : Ian Beer of Google Project Zero
CoreGraphics Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
CoreGraphics Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
Foundation Available for: OS X Mavericks 10.9 to 10.9.4 Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4393 : Apple
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-4394 : Ian Beer of Google Project Zero CVE-2014-4395 : Ian Beer of Google Project Zero CVE-2014-4396 : Ian Beer of Google Project Zero CVE-2014-4397 : Ian Beer of Google Project Zero CVE-2014-4398 : Ian Beer of Google Project Zero CVE-2014-4399 : Ian Beer of Google Project Zero CVE-2014-4400 : Ian Beer of Google Project Zero CVE-2014-4401 : Ian Beer of Google Project Zero CVE-2014-4416 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4376 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4402 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4379 : Ian Beer of Google Project Zero
IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam
IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses. CVE-ID CVE-2014-4403 : Ian Beer of Google Project Zero
Libnotify Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero
OpenSSL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative
ruby Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issues by updating LibYAML to version 0.1.6 CVE-ID CVE-2014-2525
Note: OS X Mavericks 10.9.5 includes the security content of Safari 7.0.6: http://support.apple.com/kb/HT6367
OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+ Ct0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh CiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V sCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1 hFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ Jb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw ZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW 5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA 3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl QHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP kCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf k4w2RKNm0Fv+kdNoFAnd =gpVc -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0533",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 2.4,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 2.4,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 2.4,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.9.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.9.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.9.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.9"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.9.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9 to 10.9.4"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.6(1671)"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"db": "BID",
"id": "69907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"db": "NVD",
"id": "CVE-2014-1391"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1391"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tom Gallagher \u0026 Paul Bates",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-325"
}
],
"trust": 0.7
},
"cve": "CVE-2014-1391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-1391",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-69330",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1391",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2014-1391",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-699",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69330",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"db": "VULHUB",
"id": "VHN-69330"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"db": "NVD",
"id": "CVE-2014-1391"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RLE encoded data in the mdat atom. An attacker can use this flaw to write outside the allocated buffer, which could allow for the execution of arbitrary code in the context of the current process. Apple Mac OS X is prone to a memory-corruption vulnerability because it fails to perform adequate bounds checks on user-supplied input. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Apple OS X is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in QT Media Foundation versions prior to Apple OS X 10.9.5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update\n2014-004\n\nOS X Mavericks 10.9.5 and Security Update 2014-004 are now available\nand address the following:\n\napache_mod_php\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in PHP 5.4.24\nDescription: Multiple vulnerabilities existed in PHP 5.4.24, the\nmost serious of which may have led to arbitrary code execution. This\nupdate addresses the issues by updating PHP to version 5.4.30\nCVE-ID\nCVE-2013-7345\nCVE-2014-0185\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-1943\nCVE-2014-2270\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3515\nCVE-2014-3981\nCVE-2014-4049\n\nBluetooth\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of a\nBluetooth API call. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4390 : Ian Beer of Google Project Zero\n\nCoreGraphics\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or an information disclosure\nDescription: An out of bounds memory read existed in the handling of\nPDF files. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nCoreGraphics\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nFoundation\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: An application using NSXMLParser may be misused to disclose\ninformation\nDescription: An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: Compiling untrusted GLSL shaders may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A user-space buffer overflow existed in the shader\ncompiler. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4393 : Apple\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple validation issues existed in some integrated\ngraphics driver routines. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4394 : Ian Beer of Google Project Zero\nCVE-2014-4395 : Ian Beer of Google Project Zero\nCVE-2014-4396 : Ian Beer of Google Project Zero\nCVE-2014-4397 : Ian Beer of Google Project Zero\nCVE-2014-4398 : Ian Beer of Google Project Zero\nCVE-2014-4399 : Ian Beer of Google Project Zero\nCVE-2014-4400 : Ian Beer of Google Project Zero\nCVE-2014-4401 : Ian Beer of Google Project Zero\nCVE-2014-4416 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through improved\nvalidation of IOKit API arguments. \nCVE-ID\nCVE-2014-4376 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An out-of-bounds read issue existed in the handling of\nan IOAcceleratorFamily function. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4402 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription: An out-of-bounds read issue existed in the handling of\nan IOHIDFamily function. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-4379 : Ian Beer of Google Project Zero\n\nIOKit\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4388 : @PanguTeam\n\nIOKit\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A local user can infer kernel addresses and bypass kernel\naddress space layout randomization\nDescription: In some cases, the CPU Global Descriptor Table was\nallocated at a predictable address. This issue was addressed through\nalways allocating the Global Descriptor Table at random addresses. \nCVE-ID\nCVE-2014-4403 : Ian Beer of Google Project Zero\n\nLibnotify\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription: An out-of-bounds write issue existed in Libnotify. This\nissue was addressed through improved bounds checking\nCVE-ID\nCVE-2014-4381 : Ian Beer of Google Project Zero\n\nOpenSSL\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one\nthat may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8y. \nThis update was addressed by updating OpenSSL to version 0.9.8za. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom\nGallagher \u0026 Paul Bates working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted MIDI file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of MIDI\nfiles. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4979 : Andrea Micalizzi aka rgod working with HP\u0027s Zero Day\nInitiative\n\nruby\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A heap buffer overflow existed in LibYAML\u0027s handling of\npercent-encoded characters in a URI. This issue was addressed through\nimproved bounds checking. This update addresses the issues by\nupdating LibYAML to version 0.1.6\nCVE-ID\nCVE-2014-2525\n\n\nNote: OS X Mavericks 10.9.5 includes the security content of\nSafari 7.0.6: http://support.apple.com/kb/HT6367\n\nOS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+\nCt0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh\nCiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V\nsCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1\nhFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ\nJb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw\nZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW\n5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA\n3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl\nQHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP\nkCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf\nk4w2RKNm0Fv+kdNoFAnd\n=gpVc\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1391"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"db": "BID",
"id": "69907"
},
{
"db": "VULHUB",
"id": "VHN-69330"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "128840"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1391",
"trust": 3.7
},
{
"db": "BID",
"id": "69907",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1030868",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93868849",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1996",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-325",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201409-699",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "128840",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-69330",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128315",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"db": "VULHUB",
"id": "VHN-69330"
},
{
"db": "BID",
"id": "69907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "128840"
},
{
"db": "NVD",
"id": "CVE-2014-1391"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
]
},
"id": "VAR-201409-0533",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69330"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:09:15.008000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6443",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6443"
},
{
"title": "HT6443",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6443?viewlocale=ja_jp"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://support.apple.com/kb/ht1222"
},
{
"title": "OSXUpd10.9.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51639"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69330"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"db": "NVD",
"id": "CVE-2014-1391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6443"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/69907"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6493"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030868"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
},
{
"trust": 0.9,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1391"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93868849/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1391"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4350"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "http://gpgtools.org"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4378"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4376"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4377"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
},
{
"trust": 0.1,
"url": "http://www.vsecurity.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht6367"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4979"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"db": "VULHUB",
"id": "VHN-69330"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "128840"
},
{
"db": "NVD",
"id": "CVE-2014-1391"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"db": "VULHUB",
"id": "VHN-69330"
},
{
"db": "BID",
"id": "69907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "128840"
},
{
"db": "NVD",
"id": "CVE-2014-1391"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"date": "2014-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-69330"
},
{
"date": "2014-09-17T00:00:00",
"db": "BID",
"id": "69907"
},
{
"date": "2014-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"date": "2014-09-19T15:26:13",
"db": "PACKETSTORM",
"id": "128315"
},
{
"date": "2014-10-24T20:29:35",
"db": "PACKETSTORM",
"id": "128840"
},
{
"date": "2014-09-19T10:55:03.403000",
"db": "NVD",
"id": "CVE-2014-1391"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-22T00:00:00",
"db": "ZDI",
"id": "ZDI-14-325"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-69330"
},
{
"date": "2014-10-29T00:58:00",
"db": "BID",
"id": "69907"
},
{
"date": "2014-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004334"
},
{
"date": "2017-08-29T01:34:24.653000",
"db": "NVD",
"id": "CVE-2014-1391"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X of QT Media Foundation Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004334"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-699"
}
],
"trust": 0.6
}
}
CERTFR-2014-AVI-393
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | Safari | Apple Safari versions antérieures à 6.2 | ||
| Apple | N/A | Apple OS X Server versions antérieures à 3.2.1 | ||
| Apple | N/A | Apple iOS versions antérieures à 8 | ||
| Apple | N/A | Apple OS X Mavericks versions antérieures à 10.9.5 | ||
| Apple | N/A | Apple TV versions antérieures à 7 | ||
| Apple | N/A | Apple Xcode versions antérieures à 6.0.1 | ||
| Apple | Safari | Apple Safari versions antérieures à 7.1 | ||
| Apple | N/A | Apple OS X Server versions antérieures à 2.2.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 6.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Server versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple TV versions ant\u00e9rieures \u00e0 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Xcode versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 7.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Server versions ant\u00e9rieures \u00e0 2.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4396",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4396"
},
{
"name": "CVE-2014-1389",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1389"
},
{
"name": "CVE-2014-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4424"
},
{
"name": "CVE-2014-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3479"
},
{
"name": "CVE-2014-4394",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4394"
},
{
"name": "CVE-2014-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0238"
},
{
"name": "CVE-2014-1348",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1348"
},
{
"name": "CVE-2014-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4410"
},
{
"name": "CVE-2014-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
},
{
"name": "CVE-2014-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0207"
},
{
"name": "CVE-2014-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4369"
},
{
"name": "CVE-2014-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4378"
},
{
"name": "CVE-2014-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4379"
},
{
"name": "CVE-2014-4375",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4375"
},
{
"name": "CVE-2014-4406",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4406"
},
{
"name": "CVE-2014-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
},
{
"name": "CVE-2014-4377",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4377"
},
{
"name": "CVE-2014-4395",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4395"
},
{
"name": "CVE-2014-4418",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4418"
},
{
"name": "CVE-2014-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4399"
},
{
"name": "CVE-2014-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4397"
},
{
"name": "CVE-2013-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6835"
},
{
"name": "CVE-2014-4366",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4366"
},
{
"name": "CVE-2014-4422",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4422"
},
{
"name": "CVE-2014-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4367"
},
{
"name": "CVE-2014-4398",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4398"
},
{
"name": "CVE-2014-4380",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4380"
},
{
"name": "CVE-2014-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0185"
},
{
"name": "CVE-2014-4364",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4364"
},
{
"name": "CVE-2014-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4372"
},
{
"name": "CVE-2014-4362",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4362"
},
{
"name": "CVE-2014-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0032"
},
{
"name": "CVE-2014-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4415"
},
{
"name": "CVE-2014-4411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4411"
},
{
"name": "CVE-2014-4350",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4350"
},
{
"name": "CVE-2014-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3515"
},
{
"name": "CVE-2014-1385",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1385"
},
{
"name": "CVE-2014-4368",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4368"
},
{
"name": "CVE-2014-0237",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0237"
},
{
"name": "CVE-2014-4409",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4409"
},
{
"name": "CVE-2014-4403",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4403"
},
{
"name": "CVE-2014-4405",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4405"
},
{
"name": "CVE-2014-4416",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4416"
},
{
"name": "CVE-2014-4401",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4401"
},
{
"name": "CVE-2014-2525",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2525"
},
{
"name": "CVE-2014-4374",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4374"
},
{
"name": "CVE-2014-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0221"
},
{
"name": "CVE-2014-1388",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1388"
},
{
"name": "CVE-2014-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4421"
},
{
"name": "CVE-2014-1360",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1360"
},
{
"name": "CVE-2014-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
},
{
"name": "CVE-2013-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6663"
},
{
"name": "CVE-2014-4413",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4413"
},
{
"name": "CVE-2014-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4376"
},
{
"name": "CVE-2014-4356",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4356"
},
{
"name": "CVE-2014-4386",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4386"
},
{
"name": "CVE-2014-1943",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1943"
},
{
"name": "CVE-2014-4381",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4381"
},
{
"name": "CVE-2014-4404",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"
},
{
"name": "CVE-2014-4353",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4353"
},
{
"name": "CVE-2014-1384",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1384"
},
{
"name": "CVE-2014-4383",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4383"
},
{
"name": "CVE-2014-4390",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4390"
},
{
"name": "CVE-2014-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4423"
},
{
"name": "CVE-2014-4412",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4412"
},
{
"name": "CVE-2014-4419",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4419"
},
{
"name": "CVE-2014-4420",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4420"
},
{
"name": "CVE-2014-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1387"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4384",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4384"
},
{
"name": "CVE-2014-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4363"
},
{
"name": "CVE-2014-4400",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4400"
},
{
"name": "CVE-2014-1391",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1391"
},
{
"name": "CVE-2014-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4408"
},
{
"name": "CVE-2014-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
},
{
"name": "CVE-2014-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
},
{
"name": "CVE-2014-4407",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4407"
},
{
"name": "CVE-2014-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3480"
},
{
"name": "CVE-2014-3478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3478"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-3981",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3981"
},
{
"name": "CVE-2014-4361",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4361"
},
{
"name": "CVE-2014-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
},
{
"name": "CVE-2013-7345",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7345"
},
{
"name": "CVE-2014-4389",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4389"
},
{
"name": "CVE-2014-4357",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4357"
},
{
"name": "CVE-2013-5227",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5227"
},
{
"name": "CVE-2014-4979",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4979"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2014-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4371"
},
{
"name": "CVE-2014-4402",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4402"
},
{
"name": "CVE-2014-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4373"
},
{
"name": "CVE-2014-4393",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4393"
},
{
"name": "CVE-2014-2270",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2270"
},
{
"name": "CVE-2014-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4352"
},
{
"name": "CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
},
{
"name": "CVE-2014-4414",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4414"
},
{
"name": "CVE-2014-4354",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4354"
},
{
"name": "CVE-2014-4388",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4388"
},
{
"name": "CVE-2014-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3487"
},
{
"name": "CVE-2014-4049",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4049"
},
{
"name": "CVE-2011-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
},
{
"name": "CVE-2014-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-393",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-09-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6449 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6449"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6442 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6442"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6448 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6448"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6441 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6441"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6443 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6443"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6444 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6444"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6440 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6440"
}
]
}
CERTFR-2014-AVI-441
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apple QuickTime. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
QuickTime versions antérieures à 7.7.6
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eQuickTime versions ant\u00e9rieures \u00e0 7.7.6\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4350",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4350"
},
{
"name": "CVE-2014-1391",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1391"
},
{
"name": "CVE-2014-4979",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4979"
},
{
"name": "CVE-2014-4351",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4351"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-441",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple QuickTime\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 22 octobre 2014",
"url": "https://support.apple.com/kb/HT6493"
}
]
}
CERTFR-2014-AVI-441
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apple QuickTime. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
QuickTime versions antérieures à 7.7.6
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eQuickTime versions ant\u00e9rieures \u00e0 7.7.6\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4350",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4350"
},
{
"name": "CVE-2014-1391",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1391"
},
{
"name": "CVE-2014-4979",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4979"
},
{
"name": "CVE-2014-4351",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4351"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-441",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple QuickTime\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 22 octobre 2014",
"url": "https://support.apple.com/kb/HT6493"
}
]
}
CERTFR-2014-AVI-393
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | Safari | Apple Safari versions antérieures à 6.2 | ||
| Apple | N/A | Apple OS X Server versions antérieures à 3.2.1 | ||
| Apple | N/A | Apple iOS versions antérieures à 8 | ||
| Apple | N/A | Apple OS X Mavericks versions antérieures à 10.9.5 | ||
| Apple | N/A | Apple TV versions antérieures à 7 | ||
| Apple | N/A | Apple Xcode versions antérieures à 6.0.1 | ||
| Apple | Safari | Apple Safari versions antérieures à 7.1 | ||
| Apple | N/A | Apple OS X Server versions antérieures à 2.2.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 6.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Server versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple TV versions ant\u00e9rieures \u00e0 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Xcode versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 7.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Server versions ant\u00e9rieures \u00e0 2.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4396",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4396"
},
{
"name": "CVE-2014-1389",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1389"
},
{
"name": "CVE-2014-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4424"
},
{
"name": "CVE-2014-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3479"
},
{
"name": "CVE-2014-4394",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4394"
},
{
"name": "CVE-2014-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0238"
},
{
"name": "CVE-2014-1348",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1348"
},
{
"name": "CVE-2014-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4410"
},
{
"name": "CVE-2014-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
},
{
"name": "CVE-2014-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0207"
},
{
"name": "CVE-2014-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4369"
},
{
"name": "CVE-2014-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4378"
},
{
"name": "CVE-2014-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4379"
},
{
"name": "CVE-2014-4375",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4375"
},
{
"name": "CVE-2014-4406",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4406"
},
{
"name": "CVE-2014-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
},
{
"name": "CVE-2014-4377",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4377"
},
{
"name": "CVE-2014-4395",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4395"
},
{
"name": "CVE-2014-4418",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4418"
},
{
"name": "CVE-2014-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4399"
},
{
"name": "CVE-2014-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4397"
},
{
"name": "CVE-2013-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6835"
},
{
"name": "CVE-2014-4366",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4366"
},
{
"name": "CVE-2014-4422",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4422"
},
{
"name": "CVE-2014-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4367"
},
{
"name": "CVE-2014-4398",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4398"
},
{
"name": "CVE-2014-4380",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4380"
},
{
"name": "CVE-2014-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0185"
},
{
"name": "CVE-2014-4364",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4364"
},
{
"name": "CVE-2014-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4372"
},
{
"name": "CVE-2014-4362",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4362"
},
{
"name": "CVE-2014-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0032"
},
{
"name": "CVE-2014-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4415"
},
{
"name": "CVE-2014-4411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4411"
},
{
"name": "CVE-2014-4350",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4350"
},
{
"name": "CVE-2014-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3515"
},
{
"name": "CVE-2014-1385",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1385"
},
{
"name": "CVE-2014-4368",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4368"
},
{
"name": "CVE-2014-0237",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0237"
},
{
"name": "CVE-2014-4409",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4409"
},
{
"name": "CVE-2014-4403",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4403"
},
{
"name": "CVE-2014-4405",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4405"
},
{
"name": "CVE-2014-4416",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4416"
},
{
"name": "CVE-2014-4401",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4401"
},
{
"name": "CVE-2014-2525",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2525"
},
{
"name": "CVE-2014-4374",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4374"
},
{
"name": "CVE-2014-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0221"
},
{
"name": "CVE-2014-1388",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1388"
},
{
"name": "CVE-2014-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4421"
},
{
"name": "CVE-2014-1360",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1360"
},
{
"name": "CVE-2014-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
},
{
"name": "CVE-2013-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6663"
},
{
"name": "CVE-2014-4413",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4413"
},
{
"name": "CVE-2014-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4376"
},
{
"name": "CVE-2014-4356",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4356"
},
{
"name": "CVE-2014-4386",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4386"
},
{
"name": "CVE-2014-1943",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1943"
},
{
"name": "CVE-2014-4381",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4381"
},
{
"name": "CVE-2014-4404",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"
},
{
"name": "CVE-2014-4353",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4353"
},
{
"name": "CVE-2014-1384",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1384"
},
{
"name": "CVE-2014-4383",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4383"
},
{
"name": "CVE-2014-4390",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4390"
},
{
"name": "CVE-2014-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4423"
},
{
"name": "CVE-2014-4412",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4412"
},
{
"name": "CVE-2014-4419",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4419"
},
{
"name": "CVE-2014-4420",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4420"
},
{
"name": "CVE-2014-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1387"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4384",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4384"
},
{
"name": "CVE-2014-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4363"
},
{
"name": "CVE-2014-4400",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4400"
},
{
"name": "CVE-2014-1391",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1391"
},
{
"name": "CVE-2014-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4408"
},
{
"name": "CVE-2014-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
},
{
"name": "CVE-2014-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
},
{
"name": "CVE-2014-4407",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4407"
},
{
"name": "CVE-2014-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3480"
},
{
"name": "CVE-2014-3478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3478"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-3981",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3981"
},
{
"name": "CVE-2014-4361",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4361"
},
{
"name": "CVE-2014-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
},
{
"name": "CVE-2013-7345",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7345"
},
{
"name": "CVE-2014-4389",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4389"
},
{
"name": "CVE-2014-4357",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4357"
},
{
"name": "CVE-2013-5227",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5227"
},
{
"name": "CVE-2014-4979",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4979"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2014-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4371"
},
{
"name": "CVE-2014-4402",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4402"
},
{
"name": "CVE-2014-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4373"
},
{
"name": "CVE-2014-4393",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4393"
},
{
"name": "CVE-2014-2270",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2270"
},
{
"name": "CVE-2014-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4352"
},
{
"name": "CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
},
{
"name": "CVE-2014-4414",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4414"
},
{
"name": "CVE-2014-4354",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4354"
},
{
"name": "CVE-2014-4388",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4388"
},
{
"name": "CVE-2014-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3487"
},
{
"name": "CVE-2014-4049",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4049"
},
{
"name": "CVE-2011-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
},
{
"name": "CVE-2014-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-393",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-09-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6449 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6449"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6442 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6442"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6448 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6448"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6441 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6441"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6443 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6443"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6444 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6444"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6440 du 17 septembre 2014",
"url": "http://support.apple.com/kb/HT6440"
}
]
}
GSD-2014-1391
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-1391",
"description": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.",
"id": "GSD-2014-1391"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-1391"
],
"details": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.",
"id": "GSD-2014-1391",
"modified": "2023-12-13T01:22:50.973113Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6493",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6493"
},
{
"name": "1030868",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030868"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "69907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69907"
},
{
"name": "macosx-cve20141391-code-exec(96049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1391"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "https://support.apple.com/kb/HT6493",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/kb/HT6493"
},
{
"name": "1030868",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1030868"
},
{
"name": "69907",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/69907"
},
{
"name": "macosx-cve20141391-code-exec(96049)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-08-29T01:34Z",
"publishedDate": "2014-09-19T10:55Z"
}
}
}
GHSA-8GJ9-X892-W96J
Vulnerability from github – Published: 2022-05-17 01:27 – Updated: 2022-05-17 01:27
VLAI?
Details
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
{
"affected": [],
"aliases": [
"CVE-2014-1391"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-09-19T10:55:00Z",
"severity": "MODERATE"
},
"details": "QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.",
"id": "GHSA-8gj9-x892-w96j",
"modified": "2022-05-17T01:27:13Z",
"published": "2022-05-17T01:27:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1391"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96049"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT6493"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6443"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/69907"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030868"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…