CVE-2005-2340

2006-01-1118:00:00

CWE-119

certcc

web.nvd.nist.gov

cve-2005-2340

apple quicktime

buffer overflow

remote code execution

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.968

Percentile

99.7%

JSON

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.

Affected configurations

Nvd

Node

applequicktimeRange≤7.0.3

applequicktimeMatch7.0

applequicktimeMatch7.0.1

applequicktimeMatch7.0.2

VendorProductVersionCPE
applequicktime7.0.2cpe:/a:apple:quicktime:7.0.2:::
applequicktimecpe:/a:apple:quicktime::::
applequicktime7.0.1cpe:/a:apple:quicktime:7.0.1:::
applequicktime7.0cpe:/a:apple:quicktime:7.0:::

Vendor	Product	Version	CPE
apple	quicktime	7.0.2	cpe:/a:apple:quicktime:7.0.2:::
apple	quicktime		cpe:/a:apple:quicktime::::
apple	quicktime	7.0.1	cpe:/a:apple:quicktime:7.0.1:::
apple	quicktime	7.0	cpe:/a:apple:quicktime:7.0:::