Apple QuickTime PICT Processing Overflow

2006-01-11T08:48:07
ID OSVDB:22334
Type osvdb
Reporter Varun Uppal(), Fang Xing(advisories@eeye.com), Dennis Rand(advisory@cirt.dk)
Modified 2006-01-11T08:48:07

Description

Vulnerability Description

An overflow exists in QuickTime. QuickTime fails to validate certain boundaries within PICT files, resulting in a stack or heap overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 7.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

An overflow exists in QuickTime. QuickTime fails to validate certain boundaries within PICT files, resulting in a stack or heap overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

References:

Secunia Advisory ID:18370 Related OSVDB ID: 22333 Related OSVDB ID: 22336 Related OSVDB ID: 22335 Related OSVDB ID: 22337 Related OSVDB ID: 22338 Other Advisory URL: http://docs.info.apple.com/article.html?artnum=303101 Other Advisory URL: http://www.cirt.dk/advisories/cirt-41-advisory.pdf Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html Keyword: EEYEB-20051220 CVE-2005-2340 CERT VU: 629845