HTTP: Apple QuickTime PictureViewer Buffer Overflow
A vulnerability exists in the PictureViewer component of the Apple QuickTime products. The affected product does not correctly process JPEG image files, allowing for a buffer overflow condition to be triggered by a malicious JPEG image. This flaw may allow an attacker to exploit the vulnerable product in order to create a denial of service condition or execute arbitrary code on the vulnerable system. In a simple attack case, the affected application will terminate upon opening of the malicious JPEG image file. In a more sophisticated attack scenario, where code injection and execution is attempted, the behaviour of the target is dependent on the intention of the injected code.
Extended Description
Apple QuickTime is reportedly prone to a buffer overflow when viewing malformed image files. This issue was reported to exist in QuickTime 6.5.1 for Windows. Other versions may also be affected. This issue may be related to BID 11553.
Affected Products
Apple quicktime_player
Short Name
HTTP:STC:DL:QT-PV-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple Buffer CVE-2005-0903 Overflow PictureViewer QuickTime bid:12905
Release Date
12/21/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Apple
CVSS Score
2.6