
About the security content of QuickTime 7.0.3

This document describes the security content of QuickTime 7.0.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How To Use The Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

QuickTime 7.0.3

  • QuickTime

    CVE-ID: CVE-2005-2753

    Available for: Mac OS X v10.3.9 or later, Microsoft Windows XP, Microsoft Windows 2000

    Impact: An integer overflow may be exploitable via remotely originated content

    Description: A sign extension of an embedded "Pascal" style string could result in a very large memory copy. The update treats the string as having unsigned length. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2005-2755

    Available for: Mac OS X v10.3.9 or later, Microsoft Windows XP, Microsoft Windows 2000

    Impact: A denial of service against any application loading remotely-originated content

    Description: A missing movie attribute is interpreted as an extension, but the absence of the extension is not flagged as an error, resulting in a dereference of a NULL pointer. The update requires either the movie attribute or the extension to be present for a well-formed movie. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2005-2754

    Available for: Mac OS X v10.3.9 or later, Microsoft Windows XP, Microsoft Windows 2000

    Impact: An integer overflow may be exploitable via remotely originated content

    Description: Improper movie attributes could result in a very large memory copy. The update checks for a valid non-zero size before copying. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2005-2756

    Available for: Mac OS X v10.3.9 or later, Microsoft Windows XP, Microsoft Windows 2000

    Impact: Compressed PICT data may overwrite application memory from remotely originated content

    Description: Expansion of compressed PICT data could exceed the size of the destination buffer. The update prevents decompressed data from exceeding the destination buffer size. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.
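
The sign-extension pattern described in the CVE-2005-2753 entry above, as an added illustration: this is not Apple's or QuickTime's code, and the function names and sample records are constructed for the example. The bounds checks in the second function are an assumption that goes beyond the advisory's statement that the length is now treated as unsigned.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern: the Pascal-string length byte is read through a signed
 * type, so any value >= 0x80 becomes negative (on two's-complement targets)
 * and sign-extends when widened to size_t. Returns the length a copy
 * routine would be asked for; nothing is copied here. */
size_t pstr_len_sign_extended(const uint8_t *rec)
{
    signed char len = (signed char)rec[0];   /* 0xC8 -> -56 */
    return (size_t)len;                      /* -56 -> SIZE_MAX - 55 */
}

/* Corrected pattern: the length is unsigned (0..255) and is checked against
 * both the bytes actually present and the destination capacity.
 * Returns the number of bytes copied, or -1 if the record is rejected. */
int pstr_copy_checked(char *dst, size_t dst_cap,
                      const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1)
        return -1;
    size_t len = rec[0];                     /* unsigned length byte */
    if (len > rec_len - 1 || len + 1 > dst_cap)
        return -1;
    memcpy(dst, rec + 1, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample records, not taken from any real movie file. */
    uint8_t small[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    uint8_t big[201];
    char out[256];

    big[0] = 0xC8;                           /* length byte 200 */
    memset(big + 1, 'A', 200);

    printf("signed read of 0x05: %zu\n", pstr_len_sign_extended(small));
    printf("signed read of 0xC8: %zu\n", pstr_len_sign_extended(big));
    printf("checked copy, full record: %d\n",
           pstr_copy_checked(out, sizeof out, big, sizeof big));
    printf("checked copy, truncated record: %d\n",
           pstr_copy_checked(out, sizeof out, big, 10));
    return 0;
}
```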

Article ID: 302772 Date Created: November 02, 2005 Date Modified: November 03, 2005


Copyright © 2006 Apple Computer, Inc. All rights reserved.