CVE-2024-44157

A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121328	Vendor Advisory
https://support.apple.com/en-us/121441	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:apple_tv::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*

History

12 Dec 2024, 19:09

Type	Values Removed	Values Added
First Time		Apple Apple itunes Apple apple Tv
References	~~() https://support.apple.com/en-us/121328 -~~	() https://support.apple.com/en-us/121328 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121441 -~~	() https://support.apple.com/en-us/121441 - Vendor Advisory
CWE		CWE-787
CPE		cpe:2.3:a:apple:apple_tv::::::windows::* cpe:2.3:a:apple:itunes::::::windows::*

27 Oct 2024, 02:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-120

15 Oct 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Se solucionó un desbordamiento del búfer de pila mediante una validación de entrada mejorada. Este problema se solucionó en Apple TV 1.5.0.152 para Windows y iTunes 12.13.3 para Windows. El análisis de un archivo de video manipulado con fines malintencionados puede provocar la finalización inesperada del sistema.

11 Oct 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-11 18:15

Updated : 2024-12-12 19:09

NVD link : CVE-2024-44157

Mitre link : CVE-2024-44157

CVE.ORG link : CVE-2024-44157

JSON object : View

Products Affected

apple

itunes
apple_tv

CWE

CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2024-44157", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-11T18:15:08.030", "references": [{"url": "https://support.apple.com/en-us/121328", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121441", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination."}, {"lang": "es", "value": "Se solucion\u00f3 un desbordamiento del b\u00fafer de pila mediante una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en Apple TV 1.5.0.152 para Windows y iTunes 12.13.3 para Windows. El an\u00e1lisis de un archivo de video manipulado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada del sistema."}], "lastModified": "2024-12-12T19:09:01.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:apple_tv:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "DC7E2D9D-943F-44E7-9186-4D2C907782F1", "versionEndExcluding": "1.5.0.152"}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "412B31BD-4C6E-49D3-800B-D1FC41A72E67", "versionEndExcluding": "12.13.3"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}