Description
A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Apple / Apple TV0 – 1.5.0
- Apple / iTunes for Windows0 – 12.13.3
References
- VENDOR_ADVISORYhttps://support.apple.com/en-us/121328
- VENDOR_ADVISORYhttps://support.apple.com/en-us/121441