cvelistv5 - cve-2005-2340

cve-2005-2340

Vulnerability from cvelistv5

Published

2006-01-11 18:00

Modified

2024-08-07 22:22

Severity ?

EPSS score ?

63.97% (0.98279)

Summary

References

URL	Tags
cret@cert.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html
cret@cert.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html	Vendor Advisory
cret@cert.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html
cret@cert.org	http://docs.info.apple.com/article.html?artnum=303101	Patch
cret@cert.org	http://secunia.com/advisories/18370	Patch, Vendor Advisory
cret@cert.org	http://securityreason.com/securityalert/332
cret@cert.org	http://securitytracker.com/id?1015463	Patch
cret@cert.org	http://www.cirt.dk/advisories/cirt-41-advisory.pdf	Vendor Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/629845	Patch, Third Party Advisory, US Government Resource
cret@cert.org	http://www.kb.cert.org/vuls/id/687201	Patch, Third Party Advisory, US Government Resource
cret@cert.org	http://www.osvdb.org/22333	Patch
cret@cert.org	http://www.osvdb.org/22334	Patch
cret@cert.org	http://www.osvdb.org/22335	Patch
cret@cert.org	http://www.securityfocus.com/archive/1/421547/100/0/threaded
cret@cert.org	http://www.securityfocus.com/archive/1/421566/100/0/threaded
cret@cert.org	http://www.securityfocus.com/bid/16202	Patch
cret@cert.org	http://www.securityfocus.com/bid/16212	Exploit
cret@cert.org	http://www.us-cert.gov/cas/techalerts/TA06-011A.html	Patch, Third Party Advisory, US Government Resource
cret@cert.org	http://www.vupen.com/english/advisories/2006/0128	Vendor Advisory
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24054
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=303101	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18370	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/332
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015463	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.cirt.dk/advisories/cirt-41-advisory.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/629845	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/687201	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22333	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22334	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22335	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/421547/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/421566/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16202	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16212	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-011A.html	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0128	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24054

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:49.047Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "VU#687201",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/687201",
               },
               {
                  name: "20060111 Updated Advisories - Incorrect CVE Information",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
               },
               {
                  name: "18370",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/18370",
               },
               {
                  name: "TA06-011A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA06-011A.html",
               },
               {
                  name: "22335",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/22335",
               },
               {
                  name: "APPLE-SA-2006-01-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://docs.info.apple.com/article.html?artnum=303101",
               },
               {
                  name: "quicktime-qtif-bo(24054)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
               },
               {
                  name: "22333",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/22333",
               },
               {
                  name: "ADV-2006-0128",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/0128",
               },
               {
                  name: "22334",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/22334",
               },
               {
                  name: "16212",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/16212",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
               },
               {
                  name: "16202",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/16202",
               },
               {
                  name: "332",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/332",
               },
               {
                  name: "20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
               },
               {
                  name: "1015463",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1015463",
               },
               {
                  name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
               },
               {
                  name: "20060111 Updated Advisories - Incorrect CVE Information",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
               },
               {
                  name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
               },
               {
                  name: "VU#629845",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/629845",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-01-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "37e5125f-f79b-445b-8fad-9564f167944b",
            shortName: "certcc",
         },
         references: [
            {
               name: "VU#687201",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/687201",
            },
            {
               name: "20060111 Updated Advisories - Incorrect CVE Information",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
            },
            {
               name: "18370",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/18370",
            },
            {
               name: "TA06-011A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA06-011A.html",
            },
            {
               name: "22335",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/22335",
            },
            {
               name: "APPLE-SA-2006-01-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://docs.info.apple.com/article.html?artnum=303101",
            },
            {
               name: "quicktime-qtif-bo(24054)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
            },
            {
               name: "22333",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/22333",
            },
            {
               name: "ADV-2006-0128",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/0128",
            },
            {
               name: "22334",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/22334",
            },
            {
               name: "16212",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/16212",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
            },
            {
               name: "16202",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/16202",
            },
            {
               name: "332",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/332",
            },
            {
               name: "20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
            },
            {
               name: "1015463",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1015463",
            },
            {
               name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
            },
            {
               name: "20060111 Updated Advisories - Incorrect CVE Information",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
            },
            {
               name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
            },
            {
               name: "VU#629845",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/629845",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2005-2340",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "VU#687201",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/687201",
                  },
                  {
                     name: "20060111 Updated Advisories - Incorrect CVE Information",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
                  },
                  {
                     name: "18370",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/18370",
                  },
                  {
                     name: "TA06-011A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA06-011A.html",
                  },
                  {
                     name: "22335",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/22335",
                  },
                  {
                     name: "APPLE-SA-2006-01-10",
                     refsource: "APPLE",
                     url: "http://docs.info.apple.com/article.html?artnum=303101",
                  },
                  {
                     name: "quicktime-qtif-bo(24054)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
                  },
                  {
                     name: "22333",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/22333",
                  },
                  {
                     name: "ADV-2006-0128",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2006/0128",
                  },
                  {
                     name: "22334",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/22334",
                  },
                  {
                     name: "16212",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/16212",
                  },
                  {
                     name: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
                     refsource: "MISC",
                     url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
                  },
                  {
                     name: "16202",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/16202",
                  },
                  {
                     name: "332",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/332",
                  },
                  {
                     name: "20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
                  },
                  {
                     name: "1015463",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1015463",
                  },
                  {
                     name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
                  },
                  {
                     name: "20060111 Updated Advisories - Incorrect CVE Information",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
                  },
                  {
                     name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
                  },
                  {
                     name: "VU#629845",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/629845",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b",
      assignerShortName: "certcc",
      cveId: "CVE-2005-2340",
      datePublished: "2006-01-11T18:00:00",
      dateReserved: "2005-07-21T00:00:00",
      dateUpdated: "2024-08-07T22:22:49.047Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2005-2340\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2005-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"02607C2D-80F9-454B-A82C-0F892826AA99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B488-129A-49EA-AF84-6077FCDBB898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758610B-3789-489E-A751-386D605E5A08\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=303101\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/18370\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/332\",\"source\":\"cret@cert.org\"},{\"url\":\"http://securitytracker.com/id?1015463\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cirt.dk/advisories/cirt-41-advisory.pdf\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/629845\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/687201\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/22333\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/22334\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/22335\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/421547/100/0/threaded\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/421566/100/0/threaded\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/16202\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/16212\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-011A.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0128\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24054\",\"source\":\"cret@cert.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=303101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/18370\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cirt.dk/advisories/cirt-41-advisory.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/629845\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/687201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/22333\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/22334\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/22335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/421547/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/421566/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/16202\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/16212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-011A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}

ghsa-phq6-4q25-99ph

Vulnerability from github

Published

2022-05-01 02:07

Modified

2022-05-01 02:07

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2005-2340",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-119",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2005-12-31T05:00:00Z",
      severity: "HIGH",
   },
   details: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",
   id: "GHSA-phq6-4q25-99ph",
   modified: "2022-05-01T02:07:23Z",
   published: "2022-05-01T02:07:23Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2340",
      },
      {
         type: "WEB",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
      },
      {
         type: "WEB",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
      },
      {
         type: "WEB",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
      },
      {
         type: "WEB",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
      },
      {
         type: "WEB",
         url: "http://docs.info.apple.com/article.html?artnum=303101",
      },
      {
         type: "WEB",
         url: "http://secunia.com/advisories/18370",
      },
      {
         type: "WEB",
         url: "http://securityreason.com/securityalert/332",
      },
      {
         type: "WEB",
         url: "http://securitytracker.com/id?1015463",
      },
      {
         type: "WEB",
         url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
      },
      {
         type: "WEB",
         url: "http://www.kb.cert.org/vuls/id/629845",
      },
      {
         type: "WEB",
         url: "http://www.kb.cert.org/vuls/id/687201",
      },
      {
         type: "WEB",
         url: "http://www.osvdb.org/22333",
      },
      {
         type: "WEB",
         url: "http://www.osvdb.org/22334",
      },
      {
         type: "WEB",
         url: "http://www.osvdb.org/22335",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/16202",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/16212",
      },
      {
         type: "WEB",
         url: "http://www.us-cert.gov/cas/techalerts/TA06-011A.html",
      },
      {
         type: "WEB",
         url: "http://www.vupen.com/english/advisories/2006/0128",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

gsd-2005-2340

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2005-2340

Aliases

CVE-2005-2340

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2005-2340",
      description: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",
      id: "GSD-2005-2340",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2005-2340",
         ],
         details: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",
         id: "GSD-2005-2340",
         modified: "2023-12-13T01:20:10.373552Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cert@cert.org",
            ID: "CVE-2005-2340",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "VU#687201",
                  refsource: "CERT-VN",
                  url: "http://www.kb.cert.org/vuls/id/687201",
               },
               {
                  name: "20060111 Updated Advisories - Incorrect CVE Information",
                  refsource: "FULLDISC",
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
               },
               {
                  name: "18370",
                  refsource: "SECUNIA",
                  url: "http://secunia.com/advisories/18370",
               },
               {
                  name: "TA06-011A",
                  refsource: "CERT",
                  url: "http://www.us-cert.gov/cas/techalerts/TA06-011A.html",
               },
               {
                  name: "22335",
                  refsource: "OSVDB",
                  url: "http://www.osvdb.org/22335",
               },
               {
                  name: "APPLE-SA-2006-01-10",
                  refsource: "APPLE",
                  url: "http://docs.info.apple.com/article.html?artnum=303101",
               },
               {
                  name: "quicktime-qtif-bo(24054)",
                  refsource: "XF",
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
               },
               {
                  name: "22333",
                  refsource: "OSVDB",
                  url: "http://www.osvdb.org/22333",
               },
               {
                  name: "ADV-2006-0128",
                  refsource: "VUPEN",
                  url: "http://www.vupen.com/english/advisories/2006/0128",
               },
               {
                  name: "22334",
                  refsource: "OSVDB",
                  url: "http://www.osvdb.org/22334",
               },
               {
                  name: "16212",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/16212",
               },
               {
                  name: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
                  refsource: "MISC",
                  url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
               },
               {
                  name: "16202",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/16202",
               },
               {
                  name: "332",
                  refsource: "SREASON",
                  url: "http://securityreason.com/securityalert/332",
               },
               {
                  name: "20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow",
                  refsource: "FULLDISC",
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
               },
               {
                  name: "1015463",
                  refsource: "SECTRACK",
                  url: "http://securitytracker.com/id?1015463",
               },
               {
                  name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
                  refsource: "FULLDISC",
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
               },
               {
                  name: "20060111 Updated Advisories - Incorrect CVE Information",
                  refsource: "BUGTRAQ",
                  url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
               },
               {
                  name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
                  refsource: "BUGTRAQ",
                  url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
               },
               {
                  name: "VU#629845",
                  refsource: "CERT-VN",
                  url: "http://www.kb.cert.org/vuls/id/629845",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "7.0.3",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2005-2340",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-119",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "APPLE-SA-2006-01-10",
                     refsource: "APPLE",
                     tags: [
                        "Patch",
                     ],
                     url: "http://docs.info.apple.com/article.html?artnum=303101",
                  },
                  {
                     name: "16202",
                     refsource: "BID",
                     tags: [
                        "Patch",
                     ],
                     url: "http://www.securityfocus.com/bid/16202",
                  },
                  {
                     name: "18370",
                     refsource: "SECUNIA",
                     tags: [
                        "Patch",
                        "Vendor Advisory",
                     ],
                     url: "http://secunia.com/advisories/18370",
                  },
                  {
                     name: "20060111 [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow",
                     refsource: "FULLDISC",
                     tags: [],
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
                  },
                  {
                     name: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
                  },
                  {
                     name: "VU#629845",
                     refsource: "CERT-VN",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                        "US Government Resource",
                     ],
                     url: "http://www.kb.cert.org/vuls/id/629845",
                  },
                  {
                     name: "TA06-011A",
                     refsource: "CERT",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                        "US Government Resource",
                     ],
                     url: "http://www.us-cert.gov/cas/techalerts/TA06-011A.html",
                  },
                  {
                     name: "VU#687201",
                     refsource: "CERT-VN",
                     tags: [
                        "Patch",
                        "Third Party Advisory",
                        "US Government Resource",
                     ],
                     url: "http://www.kb.cert.org/vuls/id/687201",
                  },
                  {
                     name: "16212",
                     refsource: "BID",
                     tags: [
                        "Exploit",
                     ],
                     url: "http://www.securityfocus.com/bid/16212",
                  },
                  {
                     name: "22333",
                     refsource: "OSVDB",
                     tags: [
                        "Patch",
                     ],
                     url: "http://www.osvdb.org/22333",
                  },
                  {
                     name: "22334",
                     refsource: "OSVDB",
                     tags: [
                        "Patch",
                     ],
                     url: "http://www.osvdb.org/22334",
                  },
                  {
                     name: "22335",
                     refsource: "OSVDB",
                     tags: [
                        "Patch",
                     ],
                     url: "http://www.osvdb.org/22335",
                  },
                  {
                     name: "1015463",
                     refsource: "SECTRACK",
                     tags: [
                        "Patch",
                     ],
                     url: "http://securitytracker.com/id?1015463",
                  },
                  {
                     name: "20060111 Updated Advisories - Incorrect CVE Information",
                     refsource: "FULLDISC",
                     tags: [],
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
                  },
                  {
                     name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
                     refsource: "FULLDISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
                  },
                  {
                     name: "332",
                     refsource: "SREASON",
                     tags: [],
                     url: "http://securityreason.com/securityalert/332",
                  },
                  {
                     name: "ADV-2006-0128",
                     refsource: "VUPEN",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://www.vupen.com/english/advisories/2006/0128",
                  },
                  {
                     name: "quicktime-qtif-bo(24054)",
                     refsource: "XF",
                     tags: [],
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
                  },
                  {
                     name: "20060111 [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow",
                     refsource: "BUGTRAQ",
                     tags: [],
                     url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
                  },
                  {
                     name: "20060111 Updated Advisories - Incorrect CVE Information",
                     refsource: "BUGTRAQ",
                     tags: [],
                     url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 6.4,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: true,
               severity: "HIGH",
               userInteractionRequired: false,
            },
         },
         lastModifiedDate: "2018-10-19T15:32Z",
         publishedDate: "2005-12-31T05:00Z",
      },
   },
}

fkie_cve-2005-2340

Vulnerability from fkie_nvd

Published

2005-12-31 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html
cret@cert.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html	Vendor Advisory
cret@cert.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html
cret@cert.org	http://docs.info.apple.com/article.html?artnum=303101	Patch
cret@cert.org	http://secunia.com/advisories/18370	Patch, Vendor Advisory
cret@cert.org	http://securityreason.com/securityalert/332
cret@cert.org	http://securitytracker.com/id?1015463	Patch
cret@cert.org	http://www.cirt.dk/advisories/cirt-41-advisory.pdf	Vendor Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/629845	Patch, Third Party Advisory, US Government Resource
cret@cert.org	http://www.kb.cert.org/vuls/id/687201	Patch, Third Party Advisory, US Government Resource
cret@cert.org	http://www.osvdb.org/22333	Patch
cret@cert.org	http://www.osvdb.org/22334	Patch
cret@cert.org	http://www.osvdb.org/22335	Patch
cret@cert.org	http://www.securityfocus.com/archive/1/421547/100/0/threaded
cret@cert.org	http://www.securityfocus.com/archive/1/421566/100/0/threaded
cret@cert.org	http://www.securityfocus.com/bid/16202	Patch
cret@cert.org	http://www.securityfocus.com/bid/16212	Exploit
cret@cert.org	http://www.us-cert.gov/cas/techalerts/TA06-011A.html	Patch, Third Party Advisory, US Government Resource
cret@cert.org	http://www.vupen.com/english/advisories/2006/0128	Vendor Advisory
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24054
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=303101	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18370	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/332
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015463	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.cirt.dk/advisories/cirt-41-advisory.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/629845	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/687201	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22333	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22334	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22335	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/421547/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/421566/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16202	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16212	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-011A.html	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0128	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24054

Impacted products

Vendor	Product	Version
apple	quicktime	*
apple	quicktime	7.0
apple	quicktime	7.0.1
apple	quicktime	7.0.2

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "02607C2D-80F9-454B-A82C-0F892826AA99",
                     versionEndIncluding: "7.0.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8692B488-129A-49EA-AF84-6077FCDBB898",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1758610B-3789-489E-A751-386D605E5A08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",
      },
   ],
   id: "CVE-2005-2340",
   lastModified: "2025-04-03T01:03:51.193",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-12-31T05:00:00.000",
   references: [
      {
         source: "cret@cert.org",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
      },
      {
         source: "cret@cert.org",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
         ],
         url: "http://docs.info.apple.com/article.html?artnum=303101",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/18370",
      },
      {
         source: "cret@cert.org",
         url: "http://securityreason.com/securityalert/332",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
         ],
         url: "http://securitytracker.com/id?1015463",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/629845",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/687201",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/22333",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/22334",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/22335",
      },
      {
         source: "cret@cert.org",
         url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
      },
      {
         source: "cret@cert.org",
         url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/16202",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/16212",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA06-011A.html",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2006/0128",
      },
      {
         source: "cret@cert.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://docs.info.apple.com/article.html?artnum=303101",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/18370",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/332",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://securitytracker.com/id?1015463",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/629845",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/687201",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/22333",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/22334",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/22335",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/16202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/16212",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA06-011A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2006/0128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
      },
   ],
   sourceIdentifier: "cret@cert.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. Apple's QuickTime is a player for files and streaming media in a variety of different formats. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file. A successful attack can result in a remote compromise. Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. Unsuccessful exploit attempts will most likely crash the application. This issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed. This issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). Quicktime will copy to the stack byte by byte when processing the data field of the qtif format file, but it does not perform the correct check, so it will cause a stack overflow in memory. The original function pointer value is 0x44332211. Just overflow it to 0x08332211 and make sure it doesn't crash before overflowing 0x44 to 0x08, and the code will execute. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                    National Cyber Alert System

             Technical Cyber Security Alert TA06-011A

Apple QuickTime Vulnerabilities

Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT

Systems Affected

Apple QuickTime on systems running

 * Apple Mac OS X
 * Microsoft Windows XP
 * Microsoft Windows 2000

Overview

Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.

I. (CAN-2005-3713)

II. Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service.

III. Solution

Upgrade

Upgrade to QuickTime 7.0.4.

Appendix A. References

 * US-CERT Vulnerability Note VU#629845 -
   <http://www.kb.cert.org/vuls/id/629845>

 * US-CERT Vulnerability Note VU#921193 -
   <http://www.kb.cert.org/vuls/id/921193>

 * US-CERT Vulnerability Note VU#115729 -
   <http://www.kb.cert.org/vuls/id/115729>

 * US-CERT Vulnerability Note VU#150753 -
   <http://www.kb.cert.org/vuls/id/150753>

 * US-CERT Vulnerability Note VU#913449 -
   <http://www.kb.cert.org/vuls/id/913449>

 * CVE-2005-2340 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>

 * CVE-2005-4092 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>

 * CVE-2005-3707 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>

 * CVE-2005-3710 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>

 * CVE-2005-3713 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>

 * Security Content for QuickTime 7.0.4 -
   <http://docs.info.apple.com/article.html?artnum=303101>

 * QuickTime 7.0.4 -
   <http://www.apple.com/support/downloads/quicktime704.html>

 * About the Mac OS X 10.4.4 Update (Delta) -
   <http://docs.info.apple.com/article.html?artnum=302810>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-011A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2006 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

January 11, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0643",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: null,
            scope: null,
            trust: 4.8,
            vendor: "apple computer",
            version: null,
         },
         {
            model: "quicktime",
            scope: "eq",
            trust: 1.6,
            vendor: "apple",
            version: "7.0.2",
         },
         {
            model: "quicktime",
            scope: "eq",
            trust: 1.6,
            vendor: "apple",
            version: "7.0",
         },
         {
            model: "quicktime",
            scope: "eq",
            trust: 1.6,
            vendor: "apple",
            version: "7.0.1",
         },
         {
            model: "quicktime",
            scope: "lte",
            trust: 1,
            vendor: "apple",
            version: "7.0.3",
         },
         {
            model: "quicktime player",
            scope: "eq",
            trust: 0.6,
            vendor: "apple",
            version: "7.0.3",
         },
         {
            model: "quicktime player",
            scope: "eq",
            trust: 0.6,
            vendor: "apple",
            version: "7.0.2",
         },
         {
            model: "quicktime player",
            scope: "eq",
            trust: 0.6,
            vendor: "apple",
            version: "7.0.1",
         },
         {
            model: "quicktime player",
            scope: "eq",
            trust: 0.6,
            vendor: "apple",
            version: "7.0",
         },
         {
            model: "quicktime",
            scope: "eq",
            trust: 0.6,
            vendor: "apple",
            version: "7.0.3",
         },
         {
            model: "quicktime player",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "7.0.4",
         },
         {
            model: "quicktime player",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "7.0.4",
         },
         {
            model: "quicktime player",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "6.5.2",
         },
         {
            model: "quicktime player",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "6.4",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#921193",
         },
         {
            db: "CERT/CC",
            id: "VU#629845",
         },
         {
            db: "CERT/CC",
            id: "VU#115729",
         },
         {
            db: "CERT/CC",
            id: "VU#150753",
         },
         {
            db: "CERT/CC",
            id: "VU#913449",
         },
         {
            db: "CERT/CC",
            id: "VU#687201",
         },
         {
            db: "BID",
            id: "16852",
         },
         {
            db: "BID",
            id: "16212",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200512-952",
         },
         {
            db: "NVD",
            id: "CVE-2005-2340",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Varun UppaleEye  info@eEye.com",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200512-952",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2005-2340",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2005-2340",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 1,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "VHN-13549",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2005-2340",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#921193",
                  trust: 0.8,
                  value: "43.88",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#629845",
                  trust: 0.8,
                  value: "18.23",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#115729",
                  trust: 0.8,
                  value: "3.85",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#150753",
                  trust: 0.8,
                  value: "32.63",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#913449",
                  trust: 0.8,
                  value: "3.85",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#687201",
                  trust: 0.8,
                  value: "16.40",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200512-952",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-13549",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#921193",
         },
         {
            db: "CERT/CC",
            id: "VU#629845",
         },
         {
            db: "CERT/CC",
            id: "VU#115729",
         },
         {
            db: "CERT/CC",
            id: "VU#150753",
         },
         {
            db: "CERT/CC",
            id: "VU#913449",
         },
         {
            db: "CERT/CC",
            id: "VU#687201",
         },
         {
            db: "VULHUB",
            id: "VHN-13549",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200512-952",
         },
         {
            db: "NVD",
            id: "CVE-2005-2340",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. Apple's QuickTime is a player for files and streaming media in a variety of different formats. QuickTime is prone to a remote heap-based overflow vulnerability. \nThis issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file. \nA successful attack can result in a remote compromise. Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. Unsuccessful exploit attempts will most likely crash the application. \nThis issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed. \nThis issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). Quicktime will copy to the stack byte by byte when processing the data field of the qtif format file, but it does not perform the correct check, so it will cause a stack overflow in memory. The original function pointer value is 0x44332211. Just overflow it to 0x08332211 and make sure it doesn't crash before overflowing 0x44 to 0x08, and the code will execute. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n   \n                        National Cyber Alert System\n\n                 Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n   Original release date: January 11, 2006\n   Last revised: January 11, 2006\n   Source: US-CERT\n\nSystems Affected\n\n   Apple QuickTime on systems running\n\n     * Apple Mac OS X\n     * Microsoft Windows XP\n     * Microsoft Windows 2000\n\n\nOverview\n\n   Apple has released QuickTime 7.0.4 to correct multiple\n   vulnerabilities. The impacts of these vulnerabilities include\n   execution of arbitrary code and denial of service. \n\n\nI. \n   (CAN-2005-3713)\n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. For information about\n   specific impacts, please see the Vulnerability Notes. Potential\n   consequences include remote execution of arbitrary code or commands\n   and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n   Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. References\n\n     * US-CERT Vulnerability Note VU#629845 -\n       <http://www.kb.cert.org/vuls/id/629845>\n\n     * US-CERT Vulnerability Note VU#921193 -\n       <http://www.kb.cert.org/vuls/id/921193>\n\n     * US-CERT Vulnerability Note VU#115729 -\n       <http://www.kb.cert.org/vuls/id/115729>\n\n     * US-CERT Vulnerability Note VU#150753 -\n       <http://www.kb.cert.org/vuls/id/150753>\n\n     * US-CERT Vulnerability Note VU#913449 -\n       <http://www.kb.cert.org/vuls/id/913449>\n\n     * CVE-2005-2340 -\n       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>\n\n     * CVE-2005-4092 -\n       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>\n\n     * CVE-2005-3707 -\n       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>\n\n     * CVE-2005-3710 -\n       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>\n\n     * CVE-2005-3713 -\n       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>\n\n     * Security Content for QuickTime 7.0.4 -\n       <http://docs.info.apple.com/article.html?artnum=303101>\n\n     * QuickTime 7.0.4 -\n       <http://www.apple.com/support/downloads/quicktime704.html>\n\n     * About the Mac OS X 10.4.4 Update (Delta) -\n       <http://docs.info.apple.com/article.html?artnum=302810>\n\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     <http://www.us-cert.gov/cas/techalerts/TA06-011A.html>\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to <cert@cert.org> with \"TA06-011A Feedback VU#913449\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit <http://www.us-cert.gov/cas/signup.html>. \n ____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     <http://www.us-cert.gov/legal.html>\n ____________________________________________________________________\n\n\n\nRevision History\n\n   January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2005-2340",
         },
         {
            db: "CERT/CC",
            id: "VU#921193",
         },
         {
            db: "CERT/CC",
            id: "VU#629845",
         },
         {
            db: "CERT/CC",
            id: "VU#115729",
         },
         {
            db: "CERT/CC",
            id: "VU#150753",
         },
         {
            db: "CERT/CC",
            id: "VU#913449",
         },
         {
            db: "CERT/CC",
            id: "VU#687201",
         },
         {
            db: "BID",
            id: "16852",
         },
         {
            db: "BID",
            id: "16212",
         },
         {
            db: "VULHUB",
            id: "VHN-13549",
         },
         {
            db: "PACKETSTORM",
            id: "43062",
         },
      ],
      trust: 5.94,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-13549",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-13549",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "SECUNIA",
            id: "18370",
            trust: 5.7,
         },
         {
            db: "CERT/CC",
            id: "VU#629845",
            trust: 2.6,
         },
         {
            db: "BID",
            id: "16202",
            trust: 2.5,
         },
         {
            db: "CERT/CC",
            id: "VU#687201",
            trust: 2.5,
         },
         {
            db: "NVD",
            id: "CVE-2005-2340",
            trust: 2.5,
         },
         {
            db: "BID",
            id: "16212",
            trust: 2,
         },
         {
            db: "USCERT",
            id: "TA06-011A",
            trust: 1.8,
         },
         {
            db: "OSVDB",
            id: "22334",
            trust: 1.7,
         },
         {
            db: "OSVDB",
            id: "22335",
            trust: 1.7,
         },
         {
            db: "OSVDB",
            id: "22333",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1015463",
            trust: 1.7,
         },
         {
            db: "VUPEN",
            id: "ADV-2006-0128",
            trust: 1.7,
         },
         {
            db: "SREASON",
            id: "332",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1015466",
            trust: 1.6,
         },
         {
            db: "CERT/CC",
            id: "VU#921193",
            trust: 0.9,
         },
         {
            db: "CERT/CC",
            id: "VU#115729",
            trust: 0.9,
         },
         {
            db: "CERT/CC",
            id: "VU#150753",
            trust: 0.9,
         },
         {
            db: "CERT/CC",
            id: "VU#913449",
            trust: 0.9,
         },
         {
            db: "OSVDB",
            id: "22337",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200512-952",
            trust: 0.7,
         },
         {
            db: "CERT/CC",
            id: "TA06-011A",
            trust: 0.6,
         },
         {
            db: "FULLDISC",
            id: "20060111 [CIRT.DK] APPLE QUICKTIME 7.0.3 AND EARLIER - JPG/PICT BUFFER OVERFLOW",
            trust: 0.6,
         },
         {
            db: "FULLDISC",
            id: "20060111 UPDATED ADVISORIES - INCORRECT CVE INFORMATION",
            trust: 0.6,
         },
         {
            db: "FULLDISC",
            id: "20060111 [EEYEB-20051220] APPLE QUICKTIME QTIF STACK OVERFLOW",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "8392",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "8395",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "8395※8392※8394※8393",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "8393",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "8394",
            trust: 0.6,
         },
         {
            db: "APPLE",
            id: "APPLE-SA-2006-01-10",
            trust: 0.6,
         },
         {
            db: "BUGTRAQ",
            id: "20060111 UPDATED ADVISORIES - INCORRECT CVE INFORMATION",
            trust: 0.6,
         },
         {
            db: "BUGTRAQ",
            id: "20060111 [EEYEB-20051220] APPLE QUICKTIME QTIF STACK OVERFLOW",
            trust: 0.6,
         },
         {
            db: "XF",
            id: "24054",
            trust: 0.6,
         },
         {
            db: "BID",
            id: "16852",
            trust: 0.4,
         },
         {
            db: "PACKETSTORM",
            id: "43054",
            trust: 0.2,
         },
         {
            db: "EXPLOIT-DB",
            id: "27069",
            trust: 0.1,
         },
         {
            db: "SEEBUG",
            id: "SSVID-80689",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-13549",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "43062",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#921193",
         },
         {
            db: "CERT/CC",
            id: "VU#629845",
         },
         {
            db: "CERT/CC",
            id: "VU#115729",
         },
         {
            db: "CERT/CC",
            id: "VU#150753",
         },
         {
            db: "CERT/CC",
            id: "VU#913449",
         },
         {
            db: "CERT/CC",
            id: "VU#687201",
         },
         {
            db: "VULHUB",
            id: "VHN-13549",
         },
         {
            db: "BID",
            id: "16852",
         },
         {
            db: "BID",
            id: "16212",
         },
         {
            db: "PACKETSTORM",
            id: "43054",
         },
         {
            db: "PACKETSTORM",
            id: "43062",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200512-952",
         },
         {
            db: "NVD",
            id: "CVE-2005-2340",
         },
      ],
   },
   id: "VAR-200512-0643",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-13549",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-29T22:47:55.749000Z",
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-119",
            trust: 1.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-13549",
         },
         {
            db: "NVD",
            id: "CVE-2005-2340",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 5.7,
            url: "http://docs.info.apple.com/article.html?artnum=303101",
         },
         {
            trust: 4,
            url: "http://secunia.com/advisories/18370/",
         },
         {
            trust: 2.5,
            url: "http://www.securityfocus.com/bid/16202",
         },
         {
            trust: 2,
            url: "http://www.cirt.dk/advisories/cirt-41-advisory.pdf",
         },
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/16212",
         },
         {
            trust: 1.7,
            url: "http://www.us-cert.gov/cas/techalerts/ta06-011a.html",
         },
         {
            trust: 1.7,
            url: "http://www.kb.cert.org/vuls/id/629845",
         },
         {
            trust: 1.7,
            url: "http://www.kb.cert.org/vuls/id/687201",
         },
         {
            trust: 1.7,
            url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html",
         },
         {
            trust: 1.7,
            url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html",
         },
         {
            trust: 1.7,
            url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html",
         },
         {
            trust: 1.7,
            url: "http://www.osvdb.org/22333",
         },
         {
            trust: 1.7,
            url: "http://www.osvdb.org/22334",
         },
         {
            trust: 1.7,
            url: "http://www.osvdb.org/22335",
         },
         {
            trust: 1.7,
            url: "http://securitytracker.com/id?1015463",
         },
         {
            trust: 1.7,
            url: "http://secunia.com/advisories/18370",
         },
         {
            trust: 1.7,
            url: "http://securityreason.com/securityalert/332",
         },
         {
            trust: 1.6,
            url: "http://securitytracker.com/alerts/2006/jan/1015466.html",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/421547/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/421566/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2006/0128",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054",
         },
         {
            trust: 0.8,
            url: "http://www.eeye.com/html/research/advisories/ad20060111a.html",
         },
         {
            trust: 0.8,
            url: "about vulnerability notes",
         },
         {
            trust: 0.8,
            url: "contact us about this vulnerability",
         },
         {
            trust: 0.8,
            url: "provide a vendor statement",
         },
         {
            trust: 0.8,
            url: "http://www.osvdb.org/displayvuln.php?osvdb_id=22337",
         },
         {
            trust: 0.8,
            url: "http://www.eeye.com/html/research/advisories/ad20060111d.html",
         },
         {
            trust: 0.8,
            url: "http://www.eeye.com/html/research/advisories/ad20060111b.html",
         },
         {
            trust: 0.8,
            url: "http://developer.apple.com/documentation/quicktime/ref/refimporter.4.htm",
         },
         {
            trust: 0.8,
            url: "http://docs.info.apple.com/article.html?artnum=61798",
         },
         {
            trust: 0.6,
            url: "http://www.apple.com/quicktime/",
         },
         {
            trust: 0.6,
            url: "http://xforce.iss.net/xforce/xfdb/24054",
         },
         {
            trust: 0.6,
            url: "http://www.frsirt.com/english/advisories/2006/0128",
         },
         {
            trust: 0.6,
            url: "http://www.securityfocus.com/archive/1/archive/1/421566/100/0/threaded",
         },
         {
            trust: 0.6,
            url: "http://www.securityfocus.com/archive/1/archive/1/421547/100/0/threaded",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/8395※8392※8394※8393",
         },
         {
            trust: 0.3,
            url: "/archive/1/421561",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2005-2340",
         },
         {
            trust: 0.1,
            url: "",
         },
         {
            trust: 0.1,
            url: "http://www.kb.cert.org/vuls/id/913449>",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2005-3710",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2005-4092",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092>",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710>",
         },
         {
            trust: 0.1,
            url: "http://www.kb.cert.org/vuls/id/629845>",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713>",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/cas/techalerts/ta06-011a.html>",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/cas/signup.html>.",
         },
         {
            trust: 0.1,
            url: "http://docs.info.apple.com/article.html?artnum=302810>",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707>",
         },
         {
            trust: 0.1,
            url: "http://www.kb.cert.org/vuls/id/115729>",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340>",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2005-3707",
         },
         {
            trust: 0.1,
            url: "http://www.apple.com/support/downloads/quicktime704.html>",
         },
         {
            trust: 0.1,
            url: "http://www.kb.cert.org/vuls/id/921193>",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2005-3713",
         },
         {
            trust: 0.1,
            url: "http://www.kb.cert.org/vuls/id/150753>",
         },
         {
            trust: 0.1,
            url: "http://docs.info.apple.com/article.html?artnum=303101>",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/legal.html>",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#921193",
         },
         {
            db: "CERT/CC",
            id: "VU#629845",
         },
         {
            db: "CERT/CC",
            id: "VU#115729",
         },
         {
            db: "CERT/CC",
            id: "VU#150753",
         },
         {
            db: "CERT/CC",
            id: "VU#913449",
         },
         {
            db: "CERT/CC",
            id: "VU#687201",
         },
         {
            db: "VULHUB",
            id: "VHN-13549",
         },
         {
            db: "BID",
            id: "16852",
         },
         {
            db: "BID",
            id: "16212",
         },
         {
            db: "PACKETSTORM",
            id: "43054",
         },
         {
            db: "PACKETSTORM",
            id: "43062",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200512-952",
         },
         {
            db: "NVD",
            id: "CVE-2005-2340",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#921193",
         },
         {
            db: "CERT/CC",
            id: "VU#629845",
         },
         {
            db: "CERT/CC",
            id: "VU#115729",
         },
         {
            db: "CERT/CC",
            id: "VU#150753",
         },
         {
            db: "CERT/CC",
            id: "VU#913449",
         },
         {
            db: "CERT/CC",
            id: "VU#687201",
         },
         {
            db: "VULHUB",
            id: "VHN-13549",
         },
         {
            db: "BID",
            id: "16852",
         },
         {
            db: "BID",
            id: "16212",
         },
         {
            db: "PACKETSTORM",
            id: "43054",
         },
         {
            db: "PACKETSTORM",
            id: "43062",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200512-952",
         },
         {
            db: "NVD",
            id: "CVE-2005-2340",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2006-01-11T00:00:00",
            db: "CERT/CC",
            id: "VU#921193",
         },
         {
            date: "2006-01-11T00:00:00",
            db: "CERT/CC",
            id: "VU#629845",
         },
         {
            date: "2006-01-11T00:00:00",
            db: "CERT/CC",
            id: "VU#115729",
         },
         {
            date: "2006-01-11T00:00:00",
            db: "CERT/CC",
            id: "VU#150753",
         },
         {
            date: "2006-01-11T00:00:00",
            db: "CERT/CC",
            id: "VU#913449",
         },
         {
            date: "2006-01-11T00:00:00",
            db: "CERT/CC",
            id: "VU#687201",
         },
         {
            date: "2005-12-31T00:00:00",
            db: "VULHUB",
            id: "VHN-13549",
         },
         {
            date: "2006-01-10T00:00:00",
            db: "BID",
            id: "16852",
         },
         {
            date: "2006-01-11T00:00:00",
            db: "BID",
            id: "16212",
         },
         {
            date: "2006-01-15T15:22:47",
            db: "PACKETSTORM",
            id: "43054",
         },
         {
            date: "2006-01-15T15:39:24",
            db: "PACKETSTORM",
            id: "43062",
         },
         {
            date: "2005-12-31T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200512-952",
         },
         {
            date: "2005-12-31T05:00:00",
            db: "NVD",
            id: "CVE-2005-2340",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2006-01-12T00:00:00",
            db: "CERT/CC",
            id: "VU#921193",
         },
         {
            date: "2006-01-13T00:00:00",
            db: "CERT/CC",
            id: "VU#629845",
         },
         {
            date: "2006-01-11T00:00:00",
            db: "CERT/CC",
            id: "VU#115729",
         },
         {
            date: "2006-01-13T00:00:00",
            db: "CERT/CC",
            id: "VU#150753",
         },
         {
            date: "2006-01-31T00:00:00",
            db: "CERT/CC",
            id: "VU#913449",
         },
         {
            date: "2006-01-20T00:00:00",
            db: "CERT/CC",
            id: "VU#687201",
         },
         {
            date: "2018-10-19T00:00:00",
            db: "VULHUB",
            id: "VHN-13549",
         },
         {
            date: "2015-05-12T19:49:00",
            db: "BID",
            id: "16852",
         },
         {
            date: "2007-11-15T00:35:00",
            db: "BID",
            id: "16212",
         },
         {
            date: "2006-05-24T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200512-952",
         },
         {
            date: "2024-11-20T23:59:20.787000",
            db: "NVD",
            id: "CVE-2005-2340",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "network",
      sources: [
         {
            db: "BID",
            id: "16852",
         },
         {
            db: "BID",
            id: "16212",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple QuickTime fails to properly handle corrupt media files",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#921193",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Boundary Condition Error",
      sources: [
         {
            db: "BID",
            id: "16852",
         },
         {
            db: "BID",
            id: "16212",
         },
      ],
      trust: 0.6,
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2005-2340

Vulnerability from cvelistv5

ghsa-phq6-4q25-99ph

Vulnerability from github

gsd-2005-2340

Vulnerability from gsd

fkie_cve-2005-2340

Vulnerability from fkie_nvd

var-200512-0643

Vulnerability from variot

Tags

Sightings

Nomenclature