Back to search
CVE-2007-4676
Published: Nov 7, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
x_refsource_MISC
TA07-310A
third-party-advisory
x_refsource_CERT
http://docs.info.apple.com/article.html?artnum=306896
x_refsource_CONFIRM
quicktime-packbitsrgn-bo(38280)
vdb-entry
x_refsource_XF
3351
third-party-advisory
x_refsource_SREASON
38546
vdb-entry
x_refsource_OSVDB
APPLE-SA-2007-11-05
vendor-advisory
x_refsource_APPLE
27523
third-party-advisory
x_refsource_SECUNIA
VU#690515
third-party-advisory
x_refsource_CERT-VN
20071105 ZDI-07-066: Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability
mailing-list
x_refsource_BUGTRAQ
20071105 ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability
mailing-list
x_refsource_BUGTRAQ
1018894
vdb-entry
x_refsource_SECTRACK
ADV-2007-3723
vdb-entry
x_refsource_VUPEN
quicktime-poly-type-bo(38281)
vdb-entry
x_refsource_XF
26345
vdb-entry
x_refsource_BID
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now