[VIM] iMovie Format String CVE-2007-0646

Steven M. Christey coley at linus.mitre.org
Tue May 1 01:24:19 UTC 2007

> This CVE references MOAB-30-01-2007, which covered Format String flaws
> in Help Viewer, Safari, iMovie HD and iPhoto.  It also references the
> Apple Security Update 2007-004, which includes fixes for the Help Viewer
> and a separate Format String flaw in Installer.  Is there any indication
> that the flaw fixed in Help Viewer is the same as Safari, iMovie and iPhoto?

Well, to make matters more confusing, CVE-2007-0647 is actually for the
MOAB Help Viewer issue, so either Apple used the wrong CVE, or they used a
single CVE when they meant for it to cover a number of issues.  I'll have
to send an inquiry.

CVE-2007-0645 = iPhoto
CVE-2007-0644 = Safari

iPhoto has had its own advisories before (CVE-2007-0051), so maybe that
issue is expected to be fixed in a separate patch.

- Steve

More information about the VIM mailing list