Details of VAR-200505-0440

ID

VAR-200505-0440

CVE

CVE-2005-0903

TITLE

QuickTime deformity JPEG Buffer overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-650

DESCRIPTION

Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data. Apple QuickTime is reportedly prone to a buffer overflow when viewing malformed image files. This issue was reported to exist in QuickTime 6.5.1 for Windows. Other versions may also be affected. This issue may be related to BID 11553. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more

Trust: 1.26

sources: NVD: CVE-2005-0903 // BID: 12905 // VULHUB: VHN-12112

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime pictureviewer	scope:	eq	version:	6.5.1	Trust: 1.6
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5.1	Trust: 0.3

sources: BID: 12905 // CNNVD: CNNVD-200505-650 // NVD: CVE-2005-0903

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0903
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200505-650
value:	LOW
Trust: 0.6
VULHUB:	VHN-12112
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2005-0903
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12112
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12112 // CNNVD: CNNVD-200505-650 // NVD: CVE-2005-0903

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0903

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-650

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200505-650

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-12112

EXTERNAL IDS

db:	BID	id:	12905	Trust: 2.0
db:	NVD	id:	CVE-2005-0903	Trust: 1.7
db:	CNNVD	id:	CNNVD-200505-650	Trust: 0.7
db:	BUGTRAQ	id:	20050326 QUICKTIME MALFORMED JPEG BUFFER OVERFLOW	Trust: 0.6
db:	SEEBUG	id:	SSVID-78947	Trust: 0.1
db:	EXPLOIT-DB	id:	25281	Trust: 0.1
db:	VULHUB	id:	VHN-12112	Trust: 0.1

sources: VULHUB: VHN-12112 // BID: 12905 // CNNVD: CNNVD-200505-650 // NVD: CVE-2005-0903

REFERENCES

url:	http://www.securityfocus.com/bid/12905	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=111186277521713&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=111186277521713&w=2	Trust: 0.6
url:	http://www.apple.com/quicktime/	Trust: 0.3
url:	/archive/1/394309	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=111186277521713&w=2	Trust: 0.1

sources: VULHUB: VHN-12112 // BID: 12905 // CNNVD: CNNVD-200505-650 // NVD: CVE-2005-0903

CREDITS

liquid※ liquid@cyberspace.org

Trust: 0.6

sources: CNNVD: CNNVD-200505-650

SOURCES

db:	VULHUB	id:	VHN-12112
db:	BID	id:	12905
db:	CNNVD	id:	CNNVD-200505-650
db:	NVD	id:	CVE-2005-0903

LAST UPDATE DATE

2024-08-14T15:31:10.907000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12112	date:	2016-10-18T00:00:00
db:	BID	id:	12905	date:	2005-03-26T00:00:00
db:	CNNVD	id:	CNNVD-200505-650	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0903	date:	2016-10-18T03:15:32.327

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12112	date:	2005-05-02T00:00:00
db:	BID	id:	12905	date:	2005-03-26T00:00:00
db:	CNNVD	id:	CNNVD-200505-650	date:	2005-03-28T00:00:00
db:	NVD	id:	CVE-2005-0903	date:	2005-05-02T04:00:00