4 matches found
Apple QuickTime Image Description Atom Sign Extension Memory Corruption (CVE-2009-0955)
QuickTime is a media player application developed by Apple. It is capable of playing back numerous multimedia file formats from local file system or remote servers. There exists a sign extension based memory corruption vulnerability in Apple QuickTime. The vulnerability is due to improper...
Advisory: Apple QuickTime Image Description Atom Sign Extension Memory Corruption
INTRODUCTION ============ According to QuickTime's specification, The sample description atom STSD stores information that allows QuickTime to decode samples in the media. It has the following structure: 0 DWORD Size 4 DWORD Type 8 BYTE Version 9 BYTE3 FLAGS 12 DWORD Number of entries 16 DWORD...
CVE-2009-0955
CVE-2009-0955 affects Apple QuickTime prior to 7.6.2 due to a sign-extension vulnerability in the Image Description Atom handling for Apple Video files. A remote attacker could entice a user to open a crafted QuickTime movie, triggering a memory corruption flaw that may lead to arbitrary code exe...
QuickTime < 7.6.2 Multiple Vulnerabilities (Mac OS X)
The version of QuickTime installed on the remote Mac OS X host is older than 7.6.2. Such versions contain several vulnerabilities : - A heap buffer overflow in QuickTime's handling of MS ADPCM encoded audio data may lead to an application crash or arbitrary code execution. CVE-2009-0185 - A memor...