Skip to main content

Quicktime CVE-2015-3790

MEDIUM
Buffer Overflow (CWE-119)
2015-08-17 product-security@apple.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Aug 17, 2015 - 00:00 cve.org
MEDIUM 6.8

DescriptionCVE.org

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.

AnalysisAI

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. Affected products include: Apple Quicktime. Version information: before 10.10.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2013-1017 CRITICAL POC
9.3 May 24

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of s

CVE-2012-3752 CRITICAL POC
9.3 Nov 09

Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a de

CVE-2012-3753 CRITICAL POC
9.3 Nov 09

Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause

CVE-2012-0663 CRITICAL POC
9.3 May 16

Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbit

CVE-2012-3755 CRITICAL POC
9.3 Nov 09

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of s

CVE-2012-3756 CRITICAL
9.3 Nov 09

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of s

CVE-2012-3757 CRITICAL
9.3 Nov 09

Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corr

CVE-2014-1251 CRITICAL
9.3 Feb 27

Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of s

CVE-2012-0671 CRITICAL
9.3 May 16

Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corr

CVE-2013-0989 CRITICAL
9.3 May 24

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of s

CVE-2013-0988 CRITICAL
9.3 May 24

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of s

CVE-2012-0670 CRITICAL
9.3 May 16

Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of

Share

CVE-2015-3790 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy