search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Apple QuickTime/Darwin Streaming Server integer overflow in MP3Broadcaster utility

Vulnerability Note VU#148564

Original Release Date: 2003-12-23 | Last Revised: 2003-12-23


Apple's QuickTime and Darwin Streaming Server (DSS) package includes a utility called MP3Broadcaster. This utility contains an integer overflow which may be exploited to cause a denial of service.


Apple's QuickTime and Darwin Streaming Server is software which provides integrated distribution of various forms of digital content. Such content can be delivered over a network using Real-Time Transport Protocol (RTP) and Real-Time Streaming Protocol (RTSP). Streaming media content can include files encoded in QuickTime, MPEG, and MP3 formats. A utility package called MP3Broadcaster contains an integer overflow vulnerability. Like buffer overflows, an integer overflow may be exploited to cause affected software to crash. Under certain circumstances, an integer overflow has the potential to be allow an attacker to exploit arbitrary code, but in this case, does not appear possible.

The integer overflow in MP3Broadcaster in DSS 4.1.3 is triggered when parsing malformed ID3 tags within crafted MP3 files. This vulnerability only has the potential to be exploited by remote attackers if they can get vulnerable servers to parse malicious MP3 files (i.e., by uploading a file).


Exploitation of this vulnerability may lead to denial of service.


The CERT/CC is currently unaware of a practical solution to this problem.

Ensure unauthenticated remote broadcasts is disabled.

Vendor Information


Apple Computer Inc. Affected

Notified:  May 22, 2003 Updated: December 23, 2003



Vendor Statement

To exploit this vulnerability, a malicious user would need to first place a specially-crafted file onto the server, then execute the MP3Broadcaster utility. This requires a user account, and the way to address the issue is to only provide user accounts to trusted individuals. Exploiting the vulnerability does not result in elevated privileges.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Sir Mordred reported this vulnerability in several public forums.

This document was written by Jeffrey S. Havrilla.

Other Information

CVE IDs: None
Severity Metric: 4.69
Date Public: 2003-05-22
Date First Published: 2003-12-23
Date Last Updated: 2003-12-23 16:01 UTC
Document Revision: 10

Sponsored by CISA.