Unrated severityNVD Advisory· Published Nov 7, 2007· Updated Apr 23, 2026
CVE-2007-4676
CVE-2007-4676
Description
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
Affected products
5cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- docs.info.apple.com/article.htmlnvdVendor Advisory
- lists.apple.com/archives/Security-announce/2007/Nov/msg00000.htmlnvdVendor Advisory
- secunia.com/advisories/27523nvdThird Party Advisory
- securityreason.com/securityalert/3351nvdThird Party Advisory
- www.kb.cert.org/vuls/id/690515nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/archive/1/483311/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/483313/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/26345nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA07-310A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2007/3723nvdThird Party Advisory
- www.zerodayinitiative.com/advisories/ZDI-07-066.htmlnvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-07-067.htmlnvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/38280nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/38281nvdThird Party AdvisoryVDB Entry
- osvdb.org/38546nvdBroken Link
News mentions
0No linked articles in our index yet.