Juniper Networks

Signature Detail

Short Name: HTTP:STC:DL:QT-PV-OF
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: Apple QuickTime PictureViewer Buffer Overflow
Release Date: 2011/12/21
Update Number: 2052
Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apple QuickTime PictureViewer Buffer Overflow


A vulnerability exists in the PictureViewer component of Apple QuickTime products. The affected product does not correctly process JPEG image files, so a malicious JPEG image can trigger a buffer overflow. An attacker may exploit this flaw to create a denial of service condition or execute arbitrary code on the vulnerable system. In a simple attack case, the affected application terminates when the malicious JPEG image file is opened. In a more sophisticated attack scenario, where code injection and execution is attempted, the behaviour of the target depends on the intention of the injected code.

Extended Description

Apple QuickTime is reportedly prone to a buffer overflow when viewing malformed image files. This issue was reported to exist in QuickTime 6.5.1 for Windows. Other versions may also be affected. This issue may be related to BID 11553.

Affected Products

  • Apple QuickTime Player 6.5.1

References

  • BugTraq: 12905
  • CVE: CVE-2005-0903

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.