CVE-2004-0169

Name of the Vulnerable Software and Affected Versions QuickTime Streaming Server versions 10.2.8 through 10.3.2

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending DESCRIBE requests with long User-Agent fields. This triggers an Assert error in the BufferIsFull function.

Recommendations For versions 10.2.8 and 10.3.2, consider restricting access to the DESCRIBE request functionality until a fix is available. As a temporary workaround, limiting the length of the User-Agent field in incoming requests may help mitigate the risk of exploitation.