CVE-2010-3794

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions 10.6.x through 10.6.4 QuickTime version not specified, but affected in Mac OS X 10.6.x before 10.6.5

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted FlashPix file, due to QuickTime accessing uninitialized memory locations during the processing of FlashPix image data.

Recommendations For Mac OS X versions 10.6.x through 10.6.4, update to version 10.6.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of QuickTime to process FlashPix files until a patch is available.