CVE-2010-0059

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions prior to 10.6.3

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via crafted audio content with QDM2 encoding. This is due to inconsistent length fields, which triggers a buffer overflow. The problem is related to QDCA in CoreAudio.

Recommendations For Apple Mac OS X versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of QDM2 encoded audio content until the update is applied.