CVE-2007-0588

Name of the Vulnerable Software and Affected Versions Apple Quicktime versions 7.1.3 and earlier

Description The issue allows remote attackers to cause a denial of service, potentially leading to application crashes, and possibly execute arbitrary code via a crafted PICT file. This is due to memory corruption in the GetSrcBits32ARGB function triggered by the InternalUnpackBits function in Apple QuickDraw.

Recommendations For Apple Quicktime versions 7.1.3 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, avoid using the InternalUnpackBits function until a patch is available. Restrict access to crafted PICT files to minimize the risk of triggering memory corruption in the GetSrcBits32ARGB function.