|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
The specific flaw exists within how the application parses a header containing codec-specific data. When handling an error case, the application will forget to initialize a pointer which will later be used in a memory operation. This can lead to code execution under the context of the application.
Apple has issued an update to correct this vulnerability. More details can be found at:
pa_kt / twitter.com/pa_kt / e1c14ba6