Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability

ID ZDI-09-021
Type zdi
Reporter Damian Put, Sebastian Apelt
Modified 2009-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists when the application parses a malformed .PICT image. While decoding a tag 0x77 in the image, the application misuses a 16-bit length when allocating tag data. When copying tag data into this buffer, a heap overflow occurs. This can lead to code execution under the context of the current user.