About the security content of QuickTime 7.4

This document describes the security content of QuickTime 7.4, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

 

This article has been archived and is no longer updated by Apple.

QuickTime 7.4

  • QuickTime

    CVE-ID: CVE-2008-0031

    Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in QuickTime's handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Sorenson 3 video files. Credit to Joe Schottman of Virginia Tech for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2008-0032

    Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in QuickTime's handling of Macintosh Resource records in movie files. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files. Credit to Jun Mao of VeriSign iDefense Labs for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2008-0033

    Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in QuickTime's parsing of Image Descriptor (IDSC) atoms. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Image Descriptor atoms in movie files. Credit to Cody Pierce of TippingPoint DVLabs for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2008-0036

    Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2

    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow may occur while processing a compressed PICT image. Opening a maliciously crafted compressed PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by terminating decoding when the result would extend beyond the end of the destination buffer. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.
Last Modified:
Helpful?

Additional Product Support Information

Start a Discussion

in Apple Support Communities
See all questions on this article See all questions I have asked
United States (English)