CVE-2024-44157

Published: Oct 11, 2024Modified: Dec 12, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.

Affected (2)

Products: Apple: Apple Tv, Itunes

Apple

2 products

Apple Tv

Itunes

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Apple Tv	Before 1.5.0.152
Apple Itunes	Before 12.13.3

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://support.apple.com/en-us/121328

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/121441

Source: product-security@apple.com

Vendor Advisory

Timeline

No history available yet.