Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS prior to 3.1, and iPhone OS prior to 3.1.1 for iPod touch, allow remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone_os 3.0 |
||
apple iphone_os 1.0.2 |
||
apple iphone_os 2.2 |
||
apple iphone_os |
||
apple iphone_os 1.1.1 |
||
apple iphone_os 2.0.0 |
||
apple iphone_os 1.1.2 |
||
apple iphone_os 1.1.3 |
||
apple iphone_os 1.1.0 |
||
apple iphone_os 2.0 |
||
apple iphone_os 1.0.1 |
||
apple iphone_os 2.0.2 |
||
apple iphone_os 2.0.1 |
||
apple iphone_os 2.2.1 |
||
apple iphone_os 1.1.5 |
||
apple iphone_os 1.1.4 |
||
apple iphone_os 1.0.0 |
||
apple iphone_os 2.1.1 |
||
apple iphone_os 2.1 |
||
apple iphone_os 3.0.1 |
||
apple ipod_touch |