Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6673 | signature vdb entry |
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | patch vendor advisory |
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html | vendor advisory |
| http://www.zerodayinitiative.com/advisories/ZDI-10-037 | |
| http://support.apple.com/kb/HT4077 | patch vendor advisory |
| http://www.securityfocus.com/archive/1/510511/100/0/threaded | mailing list |