PT-2016-6080 · Apple · Os X

Steven Seeley

Published

2016-07-20

Updated

2017-09-01

CVE-2016-4646

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.11.6

Description The issue concerns a mishandling of a size value in audio files, allowing remote attackers to obtain sensitive information or cause a denial of service through an out-of-bounds read. This can be achieved by using a crafted audio file.

Recommendations For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-4646

ZDI-16-439

Affected Products

Os X

PT-2016-6080 · Apple · Os X

CVE-2016-4646

Weakness Enumeration

Related Identifiers

Affected Products

References · 8