CoreAudio
by Apple Inc.
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-0036 | Hig | 0.51 | 7.8 | 0.04 | Jan 20, 2010 | Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file. | ||
| CVE-2010-0060 | 0.00 | — | 0.03 | Mar 30, 2010 | CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. | |||
| CVE-2007-3747 | 0.00 | — | 0.03 | Aug 3, 2007 | The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet. | |||
| CVE-2007-3746 | 0.00 | — | 0.03 | Aug 3, 2007 | The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. | |||
| CVE-2007-3745 | 0.00 | — | 0.03 | Aug 3, 2007 | The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. |
- risk 0.51cvss 7.8epss 0.04
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
- CVE-2010-0060Mar 30, 2010risk 0.00cvss —epss 0.03
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
- CVE-2007-3747Aug 3, 2007risk 0.00cvss —epss 0.03
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
- CVE-2007-3746Aug 3, 2007risk 0.00cvss —epss 0.03
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.
- CVE-2007-3745Aug 3, 2007risk 0.00cvss —epss 0.03
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.