
Apple QuickTime QTVR Sign-Extension Heap Overflow

Aleph Research Advisory

Identifier

Severity

High

Product

Apple QuickTime

Vulnerable Version

QuickTime before 7.5.5

Mitigation

Install v7.5.5 or later

Technical Details

A heap buffer overflow exists in QuickTime’s handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking of panorama atoms.
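The bug class named in the title, shown as an added example (not Apple's code and not taken from the advisory): a 16-bit length held in a signed type passes an upper-bound check when negative, then sign-extends to a huge size_t. The field layout, DST_CAP and the function names are assumptions for illustration only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DST_CAP 64u   /* hypothetical size of the heap destination buffer */

/* Read a big-endian 16-bit field from the file data. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Flawed pattern: signed field, upper bound only.
 * Returns 0 if the length is accepted; *out is what a later memcpy() would get. */
int naive_len(const uint8_t *field, size_t *out)
{
    int16_t n = (int16_t)be16(field);   /* bytes FF F0 become -16 */
    if (n > (int16_t)DST_CAP)           /* negative values pass this check */
        return -1;
    *out = (size_t)n;                   /* sign-extended: -16 -> SIZE_MAX - 15 */
    return 0;
}

/* Hardened pattern: keep the field unsigned and bound it by both the
 * destination capacity and the bytes actually left in the input. */
int checked_len(const uint8_t *field, size_t remaining, size_t *out)
{
    size_t n = be16(field);             /* zero-extended, never negative */
    if (n > DST_CAP || n > remaining)
        return -1;
    *out = n;
    return 0;
}

int main(void)
{
    const uint8_t crafted[2] = { 0xFF, 0xF0 };   /* constructed sample field */
    size_t len = 0;

    if (naive_len(crafted, &len) == 0)
        printf("naive check accepted length %zu\n", len);
    if (checked_len(crafted, 4096, &len) != 0)
        printf("checked parser rejected the field\n");
    return 0;
}
```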

Timeline

  • 01-Mar-17: Added as
  • 09-Sep-08: Public disclosure

Credit

  • roeeh of Aleph Research, HCL Software