CVE-2008-3626

Name of the Vulnerable Software and Affected Versions Apple QuickTime versions prior to 7.5.5

Description The issue arises from the improper handling of a large entry in the sample size table in STSZ atoms by the CallComponentFunctionWithStorage function. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted movie file.

Recommendations For versions prior to 7.5.5, update to version 7.5.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted movie files that could exploit this issue until a patch is applied.