What is the severity of CVE-2024-44157?

CVE-2024-44157 is a critical vulnerability due to its potential to cause unexpected system termination.

How do I fix CVE-2024-44157?

To fix CVE-2024-44157, update iTunes for Windows to version 12.13.3 or later and Apple TV for Windows to version 1.5.0.152 or later.

Which software is affected by CVE-2024-44157?

CVE-2024-44157 affects iTunes for Windows version up to 12.13.3 and Apple TV for Windows version up to 1.5.0.152.

What type of vulnerability is CVE-2024-44157?

CVE-2024-44157 is classified as a stack buffer overflow vulnerability.

What can exploit CVE-2024-44157?

CVE-2024-44157 can be exploited through maliciously crafted video files that are parsed by the affected software.

Vulnerability/
CVE-2024-44157

medium

5.5

CWE

119 20 787 120

12/9/2024

11/10/2024

12/12/2024

CVE-2024-44157: Buffer Overflow

First published: Thu Sep 12 2024(Updated: )

A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.

Credit: product-security@apple.com Mads Ball Bocheng Xiang with Fudan University Willy R. Vasquez The University of Texas at AustinSrikanth Narayanaraju

Affected Software	Affected Version	How to fix
Apple TV	<1.5.0.152	1.5.0.152
iTunes	<12.13.3	12.13.3
Apple TV	<1.5.0.152
iTunes	<12.13.3

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/121441 (Advisory)
https://support.apple.com/en-us/121328 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-44157?
CVE-2024-44157 is a critical vulnerability due to its potential to cause unexpected system termination.
How do I fix CVE-2024-44157?
To fix CVE-2024-44157, update iTunes for Windows to version 12.13.3 or later and Apple TV for Windows to version 1.5.0.152 or later.
Which software is affected by CVE-2024-44157?
CVE-2024-44157 affects iTunes for Windows version up to 12.13.3 and Apple TV for Windows version up to 1.5.0.152.
What type of vulnerability is CVE-2024-44157?
CVE-2024-44157 is classified as a stack buffer overflow vulnerability.
What can exploit CVE-2024-44157?
CVE-2024-44157 can be exploited through maliciously crafted video files that are parsed by the affected software.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/event
agent/last-modified-date
agent/weakness
agent/source
agent/first-publish-date
agent/author
agent/description
collector/apple-support
source/Apple
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
alias/CVE-2024-44157
collector/nvd-api
source/NVD
vendor/apple
canonical/apple tv
canonical/itunes

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.