Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 01:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/36677 - Vendor Advisory | |
References | () http://support.apple.com/kb/HT3860 - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/506464/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/36338 - | |
References | () http://www.securitytracker.com/id?1022869 - | |
References | () http://www.trapkit.de/advisories/TKADV2009-007.txt - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/53180 - |
09 Aug 2022, 13:48
Type | Values Removed | Values Added |
---|---|---|
CPE |
Information
Published : 2009-09-10 21:30
Updated : 2024-11-21 01:04
NVD link : CVE-2009-2206
Mitre link : CVE-2009-2206
CVE.ORG link : CVE-2009-2206
JSON object : View
Products Affected
apple
- iphone_os
- ipod_touch
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer