VYPR

Iphoto

by Apple Inc.

CVEs (5)

  • CVE-2007-0051Jan 4, 2007
    risk 0.04cvss epss 0.09

    Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.

  • CVE-2008-0830Feb 19, 2008
    risk 0.03cvss epss 0.02

    The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.

  • CVE-2007-0645Feb 1, 2007
    risk 0.03cvss epss 0.02

    Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.

  • CVE-2008-0987Mar 18, 2008
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.

  • CVE-2008-0043Feb 8, 2008
    risk 0.00cvss epss 0.04

    Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.