CVE-2016-1848

high

Published 2016-05-20 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.8

Description

QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-39839 dos osx verified text · 2 KB

Francis Provencher · 2016-05-19

Apple QuickTime - '.mov' Parsing Memory Corruption

text exploit Source: Exploit-DB

#####################################################################################

Application: Apple Quicktime

Platforms: OSX

Author: Francis Provencher of COSIG

Website: http://www.protekresearchlab.com/

Twitter: @COSIG_ @protekresearch

CVE-2016-1848

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

QuickTime is an extensible multimedia framework developed by Apple Inc., capable of handling various formats of digital video, picture, sound, panoramic images, and interactivity. The classic version of QuickTime is available for Windows Vista and later, as well as Mac OS X Leopard and later operating systems. A more recent version, QuickTime X, is currently available on Mac OS X Snow Leopard and newer.

(https://en.wikipedia.org/wiki/QuickTime)

#####################################################################################

============================
2) Report Timeline
============================

2016-03-14: Francis Provencher from COSIG report issue to Apple security team;
2016-03-21: Apple security team  confirmed this issue;
2016-05-17: Apple fixed this issue;

https://support.apple.com/en-us/HT206567
#####################################################################################

============================
3) Technical details
============================

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of invalid data in the mdat atom. An attacker can use this flaw to read outside the

allocated buffer, which could allow for the execution of arbitrary code in the context of the current process.

#####################################################################################

===========

4) POC

===========

http://protekresearchlab.com/exploits/COSIG-2016-19.mov
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39839.zip

###############################################################################

OS impact

macOS Affected 1 release

Version	Status	Fixed in
—	Affected	—

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.