CVE-2007-1071 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	38.15%	–	–
2022-04-03	–	–	38.15%	–	–
2023-03-12	–	–	–	59.18%	–
2023-10-15	–	–	–	58.7%	–
2023-11-19	–	–	–	59.5%	–
2024-02-11	–	–	–	59.5%	–
2024-06-02	–	–	–	59.5%	–
2024-12-22	–	–	–	68.1%	–
2025-01-12	–	–	–	75.17%	–
2025-01-19	–	–	–	75.17%	–
2025-03-18	–	–	–	–	51.31%
2025-03-30	–	–	–	–	49.84%
2025-03-30	–	–	–	–	49.84,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	97%
2022-04-03	98%
2023-03-12	97%
2023-10-15	97%
2023-11-19	97%
2024-02-11	98%
2024-06-02	98%
2024-12-22	98%
2025-01-12	98%
2025-01-19	98%
2025-03-18	98%
2025-03-30	98%
2025-03-30	98%

source: https://www.securityfocus.com/bid/22630/info Apple Mac OS X ImageIO is prone to an integer-overflow vulnerability because it fails to handle specially crafted image files. A remote attacker can exploit this issue to cause denial-of-service conditions and potentially to execute code, but this has not been confirmed. This issue affects Mac OS X 10.4.8; previous versions may also be affected. Release Date: February 19th, 2007 Severity: High Vendor: Apple Versions Affected: OSX 10.4.8 Overview: An integer overflow vulnerability exists within ImageIO when processing a malformed .gif file. This allows for an attacker to cause the application to crash, and or to execute arbitrary code on the targeted host. Technical Details: When decompressing a specially crafted .gif file, the gifGetBandProc function within ImageIO incorrectly parses the malformed data causing the application to segmentation fault. Below the crash is triggered on OS X 10.4.8 using Safari: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x3991b000 0x918f2dc5 in gifGetBandProc () (gdb) bt #0 0x918f2dc5 in gifGetBandProc () #1 0x918ec8ea in CGImagePlusUpdateCache () #2 0x918ec606 in CGImagePlusCreateImage () #3 0x952356c0 in -[WebImageData _cacheImages:allImages:] () #4 0x952355f3 in -[WebImageData imageAtIndex:] () Thread 0 crashed with i386 Thread State: eax: 0x396e2000 ebx: 0x918f2bcc ecx:0x00000033 edx: 0x00027f84 edi: 0x15fb9ad0 esi: 0x00000033 ebp:0xbfffd5d8 esp: 0xbfffd140 ss: 0x0000002f efl: 0x00010206 eip:0x918f2db7 cs: 0x00000027 ds: 0x0000002f es: 0x0000002f fs:0x00000000 gs: 0x00000037 Vendor Status: Apple was notified on 9/8/2006 Discovered by: Tom Ferris tommy[at]security-protocols[dot]com https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29620-1.gif https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29620-2.gif