Vulnerability Description
Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphoto | 6.0.5 |
References
- http://projects.info-pull.com/moab/MOAB-30-01-2007.html
- http://www.digitalmunition.com/MOAB-30-01-2007.htmlVendor Advisory
- http://www.osvdb.org/32711
- http://www.securityfocus.com/bid/22326
- http://projects.info-pull.com/moab/MOAB-30-01-2007.html
- http://www.digitalmunition.com/MOAB-30-01-2007.htmlVendor Advisory
- http://www.osvdb.org/32711
- http://www.securityfocus.com/bid/22326
FAQ
What is CVE-2007-0645?
CVE-2007-0645 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when ca...
How severe is CVE-2007-0645?
CVE-2007-0645 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0645?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphoto.