Apple QuickTime Missing Movie Attribute Crafted .mov DoS

2005-11-03T04:46:22
ID OSVDB:20477
Type osvdb
Reporter Piotr Bania(ania.piotr@gmail.com)
Modified 2005-11-03T04:46:22

Description

Vulnerability Description

Quicktime contains a flaw that may allow a remote denial of service. The issue is triggered when a missing attribute is not flagged as an error, which can cause a null pointer to be dereferenced, and will result in loss of availability for the application.

Solution Description

Upgrade to version 7.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Quicktime contains a flaw that may allow a remote denial of service. The issue is triggered when a missing attribute is not flagged as an error, which can cause a null pointer to be dereferenced, and will result in loss of availability for the application.

References:

Vendor Specific Advisory URL Security Tracker: 1015152 Secunia Advisory ID:17428 Related OSVDB ID: 20475 Related OSVDB ID: 20478 Related OSVDB ID: 20476 Other Advisory URL: http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0102.html CVE-2005-2755