CVE-2009-2206

Sažetak

Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.

Reference

http://support.apple.com/kb/HT3860
http://secunia.com/advisories/36677
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
http://www.trapkit.de/advisories/TKADV2009-007.txt
http://www.securitytracker.com/id?1022869
http://www.securityfocus.com/bid/36338
https://exchange.xforce.ibmcloud.com/vulnerabilities/53180
http://www.securityfocus.com/archive/1/506464/100/0/threaded

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-08-2022 - 13:48

Objavljeno

10-09-2009 - 21:30