CVE-2012-0677

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

Published: Jun 12, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0677
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
apple / itunes	10.5.2	10.5.2.x
apple / itunes	10.0.1	10.0.1.x
apple / itunes	10.0	10.0.x
apple / itunes	10.1.1	10.1.1.x
apple / itunes	10.1	10.1.x
apple / itunes	10.3.1	10.3.1.x
apple / itunes	10.4	10.4.x
apple / itunes	10.4.1.10	10.4.1.10.x
apple / itunes	10.4.1	10.4.1.x
apple / itunes	10.1.1.4	10.1.1.4.x
apple / itunes	10.5	10.5.x
apple / itunes	10.5.1	10.5.1.x
apple / itunes	10.5.3	10.5.3.x
apple / itunes	10.1.2	10.1.2.x
apple / itunes	-	10.6.1.x
apple / itunes	10.6	10.6.x
apple / itunes	10.2.2.12	10.2.2.12.x
apple / itunes	10.2	10.2.x
apple / itunes	10.4.0.80	10.4.0.80.x
apple / itunes	10.5.1.42	10.5.1.42.x
apple / itunes	10.3	10.3.x

Vulnerability Database

291,049

CVE-2012-0677