CVE-2007-0462 - OpenCVE

The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Quicktime

Configuration 1 [-]

cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

References

Link	Resource
http://projects.info-pull.com/moab/MOAB-23-01-2007.html	Vendor Advisory
http://secunia.com/advisories/23859
http://www.osvdb.org/32696
http://www.securityfocus.com/bid/22207
http://www.vupen.com/english/advisories/2007/0337
https://exchange.xforce.ibmcloud.com/vulnerabilities/31698

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-26T01:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-01-23T00:00:00

Link: CVE-2007-0462

JSON object: View

NVD Information

Status : Modified

Published: 2007-01-26T01:28:00.000

Modified: 2017-07-29T01:30:12.437

Link: CVE-2007-0462

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22207", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22207"}, {"name": "23859", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23859"}, {"name": "macos-argb-dos(31698)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31698"}, {"tags": ["x_refsource_MISC"], "url": "http://projects.info-pull.com/moab/MOAB-23-01-2007.html"}, {"name": "ADV-2007-0337", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0337"}, {"name": "32696", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32696"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0462", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22207"}, {"name": "23859", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23859"}, {"name": "macos-argb-dos(31698)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31698"}, {"name": "http://projects.info-pull.com/moab/MOAB-23-01-2007.html", "refsource": "MISC", "url": "http://projects.info-pull.com/moab/MOAB-23-01-2007.html"}, {"name": "ADV-2007-0337", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0337"}, {"name": "32696", "refsource": "OSVDB", "url": "http://www.osvdb.org/32696"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0462", "datePublished": "2007-01-26T01:00:00", "dateReserved": "2007-01-23T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption."}, {"lang": "es", "value": "La funci\u00f3n _GetSrcBits32ARGB en App Apple QuickDraw, tal y como lo usa Quicktime 7.1.3 y otras aplicaciones en Mac OS X 10.4.8 y versiones anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen PICT manipulada con un registro Alpha RGB (ARGB) mal formado, que dispara corrupci\u00f3n de memoria."}], "id": "CVE-2007-0462", "lastModified": "2017-07-29T01:30:12.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-26T01:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://projects.info-pull.com/moab/MOAB-23-01-2007.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23859"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32696"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22207"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0337"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31698"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}