Apple QuickTime QTVR Sign-Extension Heap Overflow

Aleph Research Advisory

Identifier

CVE-2008-3624

Severity

High

Product

Apple Quicktime

Vulnerable Version

QuickTime before 7.5.5

Mitigation

Install v7.5.5 or later

Technical Details

A heap buffer overflow exists in QuickTime’s handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking of panorama atoms.

Timeline

01-Mar-17
: Added as ALEPH-2008000.
09-Sep-08
: Public disclosure.

Credit

Roee Hay (@roeehay) of Aleph Research, HCL Technologies

External References

APPLE-SA-2008-09-09 QuickTime 7.5.5