CVE-2005-3713 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.39682.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple Subscribe	Quicktime Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:apple:quicktime::::::::
	cpe:2.3:a:apple:quicktime:7.0:::::::*
	cpe:2.3:a:apple:quicktime:7.0.1:::::::*
	cpe:2.3:a:apple:quicktime:7.0.2:::::::*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html
http://docs.info.apple.com/article.html?artnum=303101
http://secunia.com/advisories/18370
http://securityreason.com/securityalert/333
http://securitytracker.com/id?1015466
http://www.eeye.com/html/research/advisories/AD20060111d.html
http://www.kb.cert.org/vuls/id/913449
http://www.osvdb.org/22338
http://www.securityfocus.com/archive/1/421547/100/0/threaded
http://www.securityfocus.com/archive/1/421561/100/0/threaded
http://www.securityfocus.com/bid/16202
http://www.us-cert.gov/cas/techalerts/TA06-011A.html
http://www.vupen.com/english/advisories/2006/0128
https://exchange.xforce.ibmcloud.com/vulnerabilities/24060

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-11T18:00:00

Updated: 2024-08-07T23:24:35.349Z

Reserved: 2005-11-16T00:00:00

Link: CVE-2005-3713

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-12-31T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-3713

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060111 Updated Advisories - Incorrect CVE Information", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"name": "18370", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18370"}, {"name": "TA06-011A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"name": "APPLE-SA-2006-01-10", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"name": "quicktime-gif-bo(24060)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}, {"name": "333", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/333"}, {"name": "ADV-2006-0128", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"name": "1015466", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015466"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"name": "16202", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16202"}, {"name": "VU#913449", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/913449"}, {"tags": ["x_refsource_MISC"], "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"name": "22338", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22338"}, {"name": "20060111 Updated Advisories - Incorrect CVE Information", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060111 Updated Advisories - Incorrect CVE Information", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"name": "18370", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18370"}, {"name": "TA06-011A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"name": "APPLE-SA-2006-01-10", "refsource": "APPLE", "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"name": "quicktime-gif-bo(24060)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}, {"name": "333", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/333"}, {"name": "ADV-2006-0128", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"name": "1015466", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015466"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"name": "16202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16202"}, {"name": "VU#913449", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/913449"}, {"name": "http://www.eeye.com/html/research/advisories/AD20060111d.html", "refsource": "MISC", "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"name": "22338", "refsource": "OSVDB", "url": "http://www.osvdb.org/22338"}, {"name": "20060111 Updated Advisories - Incorrect CVE Information", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:24:35.349Z"}, "title": "CVE Program Container", "references": [{"name": "20060111 Updated Advisories - Incorrect CVE Information", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"name": "18370", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18370"}, {"name": "TA06-011A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"name": "APPLE-SA-2006-01-10", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"name": "quicktime-gif-bo(24060)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}, {"name": "333", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/333"}, {"name": "ADV-2006-0128", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"name": "1015466", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015466"}, {"name": "20060111 [EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"name": "16202", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16202"}, {"name": "VU#913449", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/913449"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"name": "22338", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/22338"}, {"name": "20060111 Updated Advisories - Incorrect CVE Information", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3713", "datePublished": "2006-01-11T18:00:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:24:35.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", "matchCriteriaId": "02607C2D-80F9-454B-A82C-0F892826AA99", "versionEndIncluding": "7.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block."}], "id": "CVE-2005-3713", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18370"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/333"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015466"}, {"source": "cve@mitre.org", "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/913449"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/22338"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16202"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://docs.info.apple.com/article.html?artnum=303101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18370"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eeye.com/html/research/advisories/AD20060111d.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/913449"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}