CVE-2010-0520

Name of the Vulnerable Software and Affected Versions QuickTime versions prior to 10.6.3

Description The issue is related to a heap-based buffer overflow in QuickTime, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted FLC file. This is due to improper handling of crafted DELTA FLI chunks and untrusted length values in a .fli file during decompression. The vulnerability can also be triggered by a crafted movie file with FLC encoding.

Recommendations For versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of FLC encoded files until the update is applied. Restrict access to untrusted .fli files to minimize the risk of exploitation.