Apple QuickTime Malformed qtif Image Parsing DoS

2005-01-24T07:38:37
ID OSVDB:13347
Type osvdb
Reporter ATmaCA(atmaca@icqmail.com)
Modified 2005-01-24T07:38:37

Description

Vulnerability Description

The 'quicktime.qts' component in Apple QuickTime contains a flaw that may allow a remote denial of service. The issue is triggered when parsing QuickTime image files (.qtif) with incomplete headers. By creating a malformed image file, a remote attacker could cause a Web browser or PictureViewer to crash, resulting in a loss of availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

The 'quicktime.qts' component in Apple QuickTime contains a flaw that may allow a remote denial of service. The issue is triggered when parsing QuickTime image files (.qtif) with incomplete headers. By creating a malformed image file, a remote attacker could cause a Web browser or PictureViewer to crash, resulting in a loss of availability.

References:

Vendor URL: http://www.apple.com/quicktime/ Security Tracker: 1012991 ISS X-Force ID: 19059