[VIM] iMovie Format String CVE-2007-0646
Steven M. Christey
coley at linus.mitre.org
Tue May 1 01:24:19 UTC 2007
> This CVE references MOAB-30-01-2007, which covered Format String flaws
> in Help Viewer, Safari, iMovie HD and iPhoto. It also references the
> Apple Security Update 2007-004, which includes fixes for the Help Viewer
> and a separate Format String flaw in Installer. Is there any indication
> that the flaw fixed in Help Viewer is the same as Safari, iMovie and iPhoto?
Well, to make matters more confusing, CVE-2007-0647 is actually for the
MOAB Help Viewer issue, so either Apple used the wrong CVE, or they used a
single CVE when they meant for it to cover a number of issues. I'll have
to send an inquiry.
CVE-2007-0645 = iPhoto
CVE-2007-0644 = Safari
iPhoto has had its own advisories before (CVE-2007-0051), so maybe that
issue is expected to be fixed in a separate patch.
More information about the VIM