OpenCVE

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Quicktime

Configuration 1 [-]

OR	cpe:2.3:a:apple:quicktime::::::::
	cpe:2.3:a:apple:quicktime:7.0:::::::*
	cpe:2.3:a:apple:quicktime:7.0.1:::::::*
	cpe:2.3:a:apple:quicktime:7.0.2:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html
http://docs.info.apple.com/article.html?artnum=303101
http://secunia.com/advisories/18370
http://securityreason.com/securityalert/333
http://securitytracker.com/id?1015466
http://www.eeye.com/html/research/advisories/AD20060111d.html
http://www.kb.cert.org/vuls/id/913449
http://www.osvdb.org/22338
http://www.securityfocus.com/archive/1/421547/100/0/threaded
http://www.securityfocus.com/archive/1/421561/100/0/threaded
http://www.securityfocus.com/bid/16202
http://www.us-cert.gov/cas/techalerts/TA06-011A.html
http://www.vupen.com/english/advisories/2006/0128
https://exchange.xforce.ibmcloud.com/vulnerabilities/24060

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-11T18:00:00

Updated: 2024-08-07T23:24:35.349Z

Reserved: 2005-11-16T00:00:00

Link: CVE-2005-3713

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-31T05:00:00.000

Modified: 2024-11-21T00:02:30.143

Link: CVE-2005-3713

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060111 Updated Advisories - Incorrect CVE Information", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"name": "18370", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18370"}, {"name": "TA06-011A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"name": "APPLE-SA-2006-01-10", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"name": "quicktime-gif-bo(24060)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}, {"name": "333", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/333"}, {"name": "ADV-2006-0128", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"name": "1015466", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015466"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"name": "16202", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16202"}, {"name": "VU#913449", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/913449"}, {"tags": ["x_refsource_MISC"], "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"name": "22338", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22338"}, {"name": "20060111 Updated Advisories - Incorrect CVE Information", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060111 Updated Advisories - Incorrect CVE Information", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"name": "18370", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18370"}, {"name": "TA06-011A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"name": "APPLE-SA-2006-01-10", "refsource": "APPLE", "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"name": "quicktime-gif-bo(24060)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}, {"name": "333", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/333"}, {"name": "ADV-2006-0128", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"name": "1015466", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015466"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"name": "16202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16202"}, {"name": "VU#913449", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/913449"}, {"name": "http://www.eeye.com/html/research/advisories/AD20060111d.html", "refsource": "MISC", "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"name": "22338", "refsource": "OSVDB", "url": "http://www.osvdb.org/22338"}, {"name": "20060111 Updated Advisories - Incorrect CVE Information", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:24:35.349Z"}, "title": "CVE Program Container", "references": [{"name": "20060111 Updated Advisories - Incorrect CVE Information", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"name": "18370", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18370"}, {"name": "TA06-011A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"name": "APPLE-SA-2006-01-10", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"name": "quicktime-gif-bo(24060)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}, {"name": "333", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/333"}, {"name": "ADV-2006-0128", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"name": "1015466", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015466"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"name": "16202", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16202"}, {"name": "VU#913449", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/913449"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"name": "22338", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/22338"}, {"name": "20060111 Updated Advisories - Incorrect CVE Information", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3713", "datePublished": "2006-01-11T18:00:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:24:35.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", "matchCriteriaId": "02607C2D-80F9-454B-A82C-0F892826AA99", "versionEndIncluding": "7.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block."}], "id": "CVE-2005-3713", "lastModified": "2024-11-21T00:02:30.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18370"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/333"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015466"}, {"source": "cve@mitre.org", "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/913449"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/22338"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16202"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18370"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/913449"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}