
Archived - About the security content of QuickTime 7.0.3

This article has been archived and is no longer updated by Apple.

This document describes the security content of QuickTime 7.0.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How To Use The Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

QuickTime 7.0.3

  • QuickTime

    CVE-ID: CVE-2005-2753

    Available for: Mac OS X v10.3.9 or later, Microsoft Windows XP, Microsoft Windows 2000

    Impact: An integer overflow may be exploitable via remotely originated content

    Description: A sign extension of an embedded "Pascal" style string could result in a very large memory copy. The update treats the string as having unsigned length. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2005-2755

    Available for: Mac OS X v10.3.9 or later, Microsoft Windows XP, Microsoft Windows 2000

    Impact: A denial of service against any application loading remotely-originated content

    Description: A missing movie attribute is interpreted as an extension, but the absence of the extension is not flagged as an error, resulting in a de-reference of a NULL pointer. The update requires either the movie attribute or the extension to be present for a well-formed movie. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2005-2754

    Available for: Mac OS X v10.3.9 or later, Microsoft Windows XP, Microsoft Windows 2000

    Impact: An integer overflow may be exploitable via remotely originated content

    Description: Improper movie attributes could result in a very large memory copy. The update checks for a valid non-zero size before copying. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2005-2756

    Available for: Mac OS X v10.3.9 or later, Microsoft Windows XP, Microsoft Windows 2000

    Impact: Compressed PICT data may overwrite application memory from remotely originated content

    Description: Expansion of compressed PICT data could exceed the size of the destination buffer. The update prevents decompressed data from exceeding the destination buffer size. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.
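The sign-extension pattern in the CVE-2005-2753 description, shown next to the unsigned-length fix. This is an added example, not Apple's or QuickTime's code; the function names, the `pstr_copy` helper and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs: a Pascal string is one length byte, then the data. */
static const uint8_t SAMPLE_SHORT[] = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t SAMPLE_HIGH[201] = { 200 };  /* length byte 0xC8, 200 zero bytes */

/* The flawed pattern: the length byte goes through a signed char, so
   0x80..0xFF turn negative and sign-extend to a huge size_t. */
size_t pstr_len_signed(const uint8_t *p)
{
    signed char n = (signed char)p[0];
    return (size_t)n;
}

/* The corrected pattern: the length byte is unsigned, always 0..255. */
size_t pstr_len_unsigned(const uint8_t *p)
{
    return (size_t)p[0];
}

/* Hypothetical helper: copy a Pascal string into dst as a C string.
   Returns the number of bytes copied, or -1 if the input is truncated
   or the destination is too small. */
int pstr_copy(char *dst, size_t dst_cap, const uint8_t *src, size_t src_len)
{
    if (src_len < 1)
        return -1;
    size_t n = pstr_len_unsigned(src);
    if (n > src_len - 1)        /* declared length exceeds available input */
        return -1;
    if (n + 1 > dst_cap)        /* no room for data plus NUL */
        return -1;
    memcpy(dst, src + 1, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[256];
    printf("signed length:   %zu\n", pstr_len_signed(SAMPLE_HIGH));
    printf("unsigned length: %zu\n", pstr_len_unsigned(SAMPLE_HIGH));
    printf("copied %d bytes: %s\n", pstr_copy(out, sizeof out, SAMPLE_SHORT, sizeof SAMPLE_SHORT), out);
    return 0;
}
```

Reading the length as unsigned caps it at 255, but the copy is only safe once that length is also checked against the bytes actually present and the destination capacity, as `pstr_copy` does.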

Last Modified: Feb 19, 2012
  • Article: TA23702