Vulnerability Note VU#855118
Apple QuickTime PictureViewer PICT data decompression buffer overflow
Apple QuickTime PictureViewer contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.
Apple's QuickTime Player is multimedia software that allows users to view local and remote audio/video content. PictureViewer is a QuickTime component used to view still images. A lack of input validation in Apple QuickTime PictureViewer may allow a buffer overflow to occur. The overflow occurs because PictureViewer does not properly validate the size of compressed PICT data. When PictureViewer decompresses the PICT data, that data is copied to a buffer of insufficient size, resulting in a buffer overflow.
For more information, please see Apple Security Update for QuickTime.
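The class of flaw described above, seen from the fix side, as an added example (not Apple's code and not part of the original note): a run-length decoder that checks every run against the remaining input and the remaining destination capacity before it copies. The PackBits-style encoding, the function names and the sample bytes are assumptions chosen for illustration; the note does not identify the compression scheme involved.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns bytes written to dst, or -1 if src is truncated or would expand past dst_cap. */
long packbits_decode(const uint8_t *src, size_t src_len,
                     uint8_t *dst, size_t dst_cap)
{
    size_t in = 0, out = 0;           /* invariant: in <= src_len, out <= dst_cap */
    while (in < src_len) {
        uint8_t h = src[in++];        /* run header byte */
        if (h == 0x80)
            continue;                 /* no-op marker */
        if (h < 0x80) {               /* literal run: copy h+1 bytes from src */
            size_t count = (size_t)h + 1;
            if (count > src_len - in || count > dst_cap - out)
                return -1;            /* truncated input or output too small */
            memcpy(dst + out, src + in, count);
            in += count;
            out += count;
        } else {                      /* repeat run: next byte, 257-h times */
            size_t count = 257u - h;
            if (in >= src_len || count > dst_cap - out)
                return -1;
            memset(dst + out, src[in++], count);
            out += count;
        }
    }
    return (long)out;
}

/* Constructed sample: literal "abc", then 'x' repeated 3 times (6 bytes out). */
static const uint8_t sample[] = { 0x02, 'a', 'b', 'c', 0xFE, 'x' };

/* Decode the sample into a scratch buffer limited to cap bytes (cap <= 16). */
long decode_sample(size_t cap)
{
    uint8_t buf[16];
    return cap > sizeof buf ? -1 : packbits_decode(sample, sizeof sample, buf, cap);
}

int main(void)
{
    printf("cap 6: %ld\n", decode_sample(6));   /* fits exactly */
    printf("cap 5: %ld\n", decode_sample(5));   /* rejected, no write past buf */
    return 0;
}
```

The decoder trusts only the caller's `dst_cap`, never a size field carried in the file, so a crafted stream that expands further than expected is rejected instead of written past the buffer.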
A remote attacker may be able to execute arbitrary code if they can persuade a user to access a specially crafted compressed PICT file.
Do not access PICT files from untrusted sources.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | - | 07 Nov 2005 |
This vulnerability was reported by Apple Product Security. Apple credits Piotr Bania with providing information regarding this issue.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2005-2756
- Date Public: 04 Nov 2005
- Date First Published: 08 Nov 2005
- Date Last Updated: 08 Nov 2005
- Severity Metric: 8.61
- Document Revision: 21