CVE-2008-3627

Vulnerability Description

Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.htmlMailing ListVendor Advisory
• http://secunia.com/advisories/31821Third Party Advisory
• http://securitytracker.com/id?1020841Third Party AdvisoryVDB Entry
• http://support.apple.com/kb/HT3027Vendor Advisory
• http://www.securityfocus.com/archive/1/496163/100/0/threaded
• http://www.securityfocus.com/archive/1/496175/100/0/threaded
• http://www.securityfocus.com/archive/1/496176/100/0/threaded
• http://www.securityfocus.com/bid/31086PatchThird Party AdvisoryVDB Entry
• http://www.vupen.com/english/advisories/2008/2527Third Party Advisory
• http://www.zerodayinitiative.com/advisories/ZDI-08-060/Third Party AdvisoryVDB Entry
• http://www.zerodayinitiative.com/advisories/ZDI-08-061/Third Party AdvisoryVDB Entry
• http://www.zerodayinitiative.com/advisories/ZDI-08-062/Third Party AdvisoryVDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.htmlMailing ListVendor Advisory
• http://secunia.com/advisories/31821Third Party Advisory