Sign-up

ID

VAR-201607-0305


CVE

CVE-2016-4649


TITLE

Apple OS X Denial of Service in Japanese Audio (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004023

DESCRIPTION

Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. Supplementary information : CWE Vulnerability types by CWE-476: NULL Pointer Dereference (NULL Pointer dereferencing ) Has been identified. http://cwe.mitre.org/data/definitions/476.htmlDenial of service by local user (NULL Pointer dereferencing ) May be in a state. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. Audio is one of the audio components

Trust: 1.98

sources: NVD: CVE-2016-4649 // JVNDB: JVNDB-2016-004023 // BID: 91824 // VULHUB: VHN-93468

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.11.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11 and later

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.11.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.6

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016

Trust: 0.3

sources: BID: 91824 // JVNDB: JVNDB-2016-004023 // NVD: CVE-2016-4649 // CNNVD: CNNVD-201607-898

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-4649
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201607-898
value: LOW

Trust: 0.6

VULHUB: VHN-93468
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: TRUE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-4649
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-93468
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-4649
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-93468 // JVNDB: JVNDB-2016-004023 // NVD: CVE-2016-4649 // CNNVD: CNNVD-201607-898

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-93468 // JVNDB: JVNDB-2016-004023 // NVD: CVE-2016-4649

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201607-898

TYPE

Unknown

Trust: 0.3

sources: BID: 91824

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-4649

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/ht201222
Trust: 0.8
title:APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004url:http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html
Trust: 0.8
title:HT206903url:https://support.apple.com/en-us/ht206903
Trust: 0.8
title:HT206903url:https://support.apple.com/ja-jp/ht206903
Trust: 0.8
title:Apple OS X Audio Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63258
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004023 // 
            
            
            
            CNNVD: CNNVD-201607-898

EXTERNAL IDS
db:NVDid:CVE-2016-4649
Trust: 2.8
db:BIDid:91824
Trust: 1.4
db:SECTRACKid:1036348
Trust: 1.1
db:JVNid:JVNVU94844193
Trust: 0.8
db:JVNDBid:JVNDB-2016-004023
Trust: 0.8
db:CNNVDid:CNNVD-201607-898
Trust: 0.7
db:ZDIid:ZDI-16-496
Trust: 0.3
db:ZDIid:ZDI-16-437
Trust: 0.3
db:ZDIid:ZDI-16-431
Trust: 0.3
db:ZDIid:ZDI-16-435
Trust: 0.3
db:VULHUBid:VHN-93468
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93468 // 
            
            
            
            BID: 91824 // 
            
            
            
            JVNDB: JVNDB-2016-004023 // 
            
            
            
            NVD: CVE-2016-4649 // 
            
            
            
            CNNVD: CNNVD-201607-898

REFERENCES
url:http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html
Trust: 1.1
url:http://www.securityfocus.com/bid/91824
Trust: 1.1
url:https://support.apple.com/ht206903
Trust: 1.1
url:http://www.securitytracker.com/id/1036348
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4649
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94844193/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4649
Trust: 0.8
url:http://lists.apple.com/archives/security-announce/2016/jul/msg00004.html
Trust: 0.6
url:https://support.apple.com/ht206902
Trust: 0.6
url:https://support.apple.com/ht206900
Trust: 0.6
url:http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html
Trust: 0.6
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-431/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-435/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-437/
Trust: 0.3
url:apple os x acmp4aacbasedecoder out-of-bounds read information disclosure vulnerability
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-496/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-93468 // 
            
            
            
            BID: 91824 // 
            
            
            
            JVNDB: JVNDB-2016-004023 // 
            
            
            
            NVD: CVE-2016-4649 // 
            
            
            
            CNNVD: CNNVD-201607-898

CREDITS
Jonathan Lewis from DeARX Services (PTY) LTD, Ke Liu of Tencent's Xuanwu Lab, Ian Beer of Google Project Zero, Tyler Bohan of Cisco Talos, Stefan Esser of SektionEins, Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative, Abhinav Bansa
Trust: 0.3
sources:
            
            
            BID: 91824

SOURCES
db:VULHUBid:VHN-93468
db:BIDid:91824
db:JVNDBid:JVNDB-2016-004023
db:NVDid:CVE-2016-4649
db:CNNVDid:CNNVD-201607-898

LAST UPDATE DATE
2023-12-18T11:38:25.451000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-93468date:2017-09-01T00:00:00
db:BIDid:91824date:2016-08-29T19:00:00
db:JVNDBid:JVNDB-2016-004023date:2016-07-28T00:00:00
db:NVDid:CVE-2016-4649date:2017-09-01T01:29:26.710
db:CNNVDid:CNNVD-201607-898date:2016-07-26T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-93468date:2016-07-22T00:00:00
db:BIDid:91824date:2016-07-18T00:00:00
db:JVNDBid:JVNDB-2016-004023date:2016-07-28T00:00:00
db:NVDid:CVE-2016-4649date:2016-07-22T03:00:08.153
db:CNNVDid:CNNVD-201607-898date:2016-07-26T00:00:00