PT-2007-2046 · Apple · Apple Quicktime+1

Mike Price

Published

2007-01-30

Updated

2013-08-15

CVE-2007-0588

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apple Quicktime versions 7.1.3 and earlier

Description The issue allows remote attackers to cause a denial of service, potentially leading to application crashes, and possibly execute arbitrary code via a crafted PICT file. This is due to memory corruption in the GetSrcBits32ARGB function triggered by the InternalUnpackBits function in Apple QuickDraw.

Recommendations For Apple Quicktime versions 7.1.3 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, avoid using the InternalUnpackBits function until a patch is available. Restrict access to crafted PICT files to minimize the risk of triggering memory corruption in the GetSrcBits32ARGB function.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0588

Affected Products

Quickdraw

Apple Quicktime

PT-2007-2046 · Apple · Apple Quicktime+1

CVE-2007-0588

Related Identifiers

Affected Products

References · 11