Lucene search

[email protected]CVE-2010-3794

HistoryNov 16, 2010 - 10:00 p.m.

CVE-2010-3794

2010-11-1622:00:16

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-3794

quicktime

apple

mac os x

memory access

flashpix

image data

remote code execution

denial of service

application crash

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.062 Low

EPSS

Percentile

93.6%

JSON

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

Affected configurations

NVD

Node

applemac_os_xMatch10.6.0

applemac_os_xMatch10.6.1

applemac_os_xMatch10.6.2

applemac_os_xMatch10.6.3

applemac_os_xMatch10.6.4

Node

applemac_os_x_serverMatch10.6.0

applemac_os_x_serverMatch10.6.1

applemac_os_x_serverMatch10.6.2

applemac_os_x_serverMatch10.6.3

applemac_os_x_serverMatch10.6.4

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.6.0
apple:mac_os_xapple mac os xeq10.6.1
apple:mac_os_xapple mac os xeq10.6.2
apple:mac_os_xapple mac os xeq10.6.3
apple:mac_os_xapple mac os xeq10.6.4

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.6.0
apple:mac_os_x	apple mac os x	eq	10.6.1
apple:mac_os_x	apple mac os x	eq	10.6.2
apple:mac_os_x	apple mac os x	eq	10.6.3
apple:mac_os_x	apple mac os x	eq	10.6.4