Sign-up

ID

VAR-200809-0202


CVE

CVE-2008-3629


TITLE

Apple QuickTime PICT Denial of Service Vulnerability

Trust: 0.9

sources: BID: 31548 // CNNVD: CNNVD-200809-124

DESCRIPTION

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. Apple QuickTime is prone to a denial-of-service vulnerability. This issue arises when the application handles specially crafted PICT image files. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. NOTE: This issue was previously described in BID 31086 (Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities) but has been given its own record to better document the vulnerability. The following are vulnerable: QuickTime 7.5 and earlier Apple TV 2.1 and earlier. 1) An error in the third-party Indeo5 codec for QuickTime can be exploited to access uninitialised memory via a specially crafted movie file. 2) A boundary error in QuickTimeInternetExtras.qtx when parsing files via the third-party Indeo3.2 codec for QuickTime can be exploited to cause a stack-based buffer overflow via a specially crafted movie file. 3) A boundary error in the parsing of panorama atoms in QTVR (QuickTime Virtual Reality) movie files can be exploited to cause a heap-based buffer overflow via a specially crafted QTVR file. 4) A boundary error in the parsing of panorama PDAT atoms in QTVR (QuickTime Virtual Reality) movie files can be exploited to cause a stack-based buffer overflow via a QTVR file containing specially crafted "maxTilt", "minFieldOfView", and "maxFieldOfView" elements. 6) An error in the CallComponentFunctionWithStorage() function when parsing STSZ atoms in movie files can be exploited to corrupt memory via a movie file containing a overly large entry in sample_size_table. 7) Multiple errors when parsing H.264 encoded movie files (e.g. an integer overflow when parsing AVC1 atoms and two errors when parsing MDAT atoms) can be exploited to corrupt memory via a specially crafted file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Update to version 7.5.5. QuickTime 7.5.5 for Windows: http://www.apple.com/support/downloads/quicktime755forwindows.html QuickTime 7.5.5 for Leopard: http://www.apple.com/support/downloads/quicktime755forleopard.html QuickTime 7.5.5 for Tiger: http://www.apple.com/support/downloads/quicktime755fortiger.html PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Paul Byrne, NGSSoftware. 2) Reported by an anonymous person via ZDI. 3) The vendor credits Roee Hay, IBM Rational Application Security Research Group. 4) Reported by an anonymous person via ZDI. 5) Reported by an anonymous person via iDefense VCP. 6) Reported by an anonymous person via ZDI. 7) Reported by an anonymous person and Subreption via ZDI. 8) The vendor credits David Wharton. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3027 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-08-057/ http://www.zerodayinitiative.com/advisories/ZDI-08-058/ http://www.zerodayinitiative.com/advisories/ZDI-08-059/ http://www.zerodayinitiative.com/advisories/ZDI-08-060/ http://www.zerodayinitiative.com/advisories/ZDI-08-061/ http://www.zerodayinitiative.com/advisories/ZDI-08-062/ iDefense VCP: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2008-3629 // JVNDB: JVNDB-2008-001688 // BID: 31548 // VULHUB: VHN-33754 // PACKETSTORM: 70608 // PACKETSTORM: 69849

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.3

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0.3

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.4.5

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.4

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0

Trust: 1.6

vendor:applemodel:tvscope:eqversion:2.1

Trust: 1.1

vendor:applemodel:tvscope:eqversion:1.0

Trust: 1.1

vendor:applemodel:quicktimescope:lteversion:7.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.6

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.3.1.70

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.3.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.4

Trust: 1.0

vendor:applemodel:quicktimescope:ltversion:7.5.5

Trust: 0.8

vendor:applemodel:quicktimescope:eqversion:7.5

Trust: 0.6

vendor:applemodel:quicktime playerscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:tvscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1.70

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:tvscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:tvscope:neversion:2.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.5.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 31548 // JVNDB: JVNDB-2008-001688 // CNNVD: CNNVD-200809-124 // NVD: CVE-2008-3629

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3629
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-3629
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200809-124
value: MEDIUM

Trust: 0.6

VULHUB: VHN-33754
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-3629
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33754
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-33754 // JVNDB: JVNDB-2008-001688 // CNNVD: CNNVD-200809-124 // NVD: CVE-2008-3629

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-33754 // JVNDB: JVNDB-2008-001688 // NVD: CVE-2008-3629

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-124

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200809-124

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001688

PATCH
title:HT3189url:http://support.apple.com/kb/HT3189
Trust: 0.8
title:HT3027url:http://support.apple.com/kb/HT3027
Trust: 0.8
title:HT3027url:http://support.apple.com/kb/HT3027?viewlocale=ja_JP
Trust: 0.8
title:HT3189url:http://support.apple.com/kb/HT3189?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001688

EXTERNAL IDS
db:NVDid:CVE-2008-3629
Trust: 2.8
db:SECUNIAid:31821
Trust: 2.7
db:BIDid:31086
Trust: 2.5
db:SECTRACKid:1020841
Trust: 2.5
db:BIDid:31548
Trust: 2.0
db:SECUNIAid:32121
Trust: 1.8
db:VUPENid:ADV-2008-2735
Trust: 1.7
db:VUPENid:ADV-2008-2527
Trust: 1.7
db:JVNDBid:JVNDB-2008-001688
Trust: 0.8
db:APPLEid:APPLE-SA-2008-10-02
Trust: 0.6
db:APPLEid:APPLE-SA-2008-09-09
Trust: 0.6
db:CNNVDid:CNNVD-200809-124
Trust: 0.6
db:VULHUBid:VHN-33754
Trust: 0.1
db:PACKETSTORMid:70608
Trust: 0.1
db:ZDIid:ZDI-08-060
Trust: 0.1
db:ZDIid:ZDI-08-059
Trust: 0.1
db:ZDIid:ZDI-08-057
Trust: 0.1
db:ZDIid:ZDI-08-062
Trust: 0.1
db:ZDIid:ZDI-08-058
Trust: 0.1
db:ZDIid:ZDI-08-061
Trust: 0.1
db:PACKETSTORMid:69849
Trust: 0.1
sources:
            
            
            VULHUB: VHN-33754 // 
            
            
            
            BID: 31548 // 
            
            
            
            JVNDB: JVNDB-2008-001688 // 
            
            
            
            PACKETSTORM: 70608 // 
            
            
            
            PACKETSTORM: 69849 // 
            
            
            
            CNNVD: CNNVD-200809-124 // 
            
            
            
            NVD: CVE-2008-3629

REFERENCES
url:http://www.securityfocus.com/bid/31086
Trust: 2.5
url:http://securitytracker.com/id?1020841
Trust: 2.5
url:http://secunia.com/advisories/31821
Trust: 2.5
url:http://lists.apple.com/archives/security-announce/2008/oct/msg00000.html
Trust: 1.8
url:http://support.apple.com/kb/ht3027
Trust: 1.8
url:http://lists.apple.com/archives/security-announce//2008/sep/msg00000.html
Trust: 1.7
url:http://www.securityfocus.com/bid/31548
Trust: 1.7
url:http://support.apple.com/kb/ht3189
Trust: 1.7
url:http://secunia.com/advisories/32121
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16019
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/2527
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/2735
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3629
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3629
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2008/2735
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/2527
Trust: 0.6
url:http://www.apple.com/quicktime/
Trust: 0.3
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.2
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/advisories/31821/
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/binary_analysis/sample_analysis/
Trust: 0.1
url:http://secunia.com/advisories/32121/
Trust: 0.1
url:http://secunia.com/advisories/product/19289/
Trust: 0.1
url:http://secunia.com/advisories/27523/
Trust: 0.1
url:http://secunia.com/advisories/product/14569/
Trust: 0.1
url:http://secunia.com/advisories/product/5090/
Trust: 0.1
url:http://www.apple.com/support/downloads/quicktime755fortiger.html
Trust: 0.1
url:http://www.apple.com/support/downloads/quicktime755forwindows.html
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-08-058/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-08-061/
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-08-059/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-08-060/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-08-062/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-08-057/
Trust: 0.1
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744
Trust: 0.1
url:http://www.apple.com/support/downloads/quicktime755forleopard.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-33754 // 
            
            
            
            BID: 31548 // 
            
            
            
            JVNDB: JVNDB-2008-001688 // 
            
            
            
            PACKETSTORM: 70608 // 
            
            
            
            PACKETSTORM: 69849 // 
            
            
            
            CNNVD: CNNVD-200809-124 // 
            
            
            
            NVD: CVE-2008-3629

CREDITS
Sergio AlvarezDavid WhartonRoee HayZDI※http://www.zerodayinitiative.com/
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200809-124

SOURCES
db:VULHUBid:VHN-33754
db:BIDid:31548
db:JVNDBid:JVNDB-2008-001688
db:PACKETSTORMid:70608
db:PACKETSTORMid:69849
db:CNNVDid:CNNVD-200809-124
db:NVDid:CVE-2008-3629

LAST UPDATE DATE
2024-11-23T21:00:04.353000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-33754date:2018-10-30T00:00:00
db:BIDid:31548date:2008-10-03T14:18:00
db:JVNDBid:JVNDB-2008-001688date:2008-10-28T00:00:00
db:CNNVDid:CNNVD-200809-124date:2008-11-15T00:00:00
db:NVDid:CVE-2008-3629date:2024-11-21T00:49:43.830

SOURCES RELEASE DATE
db:VULHUBid:VHN-33754date:2008-09-11T00:00:00
db:BIDid:31548date:2008-09-09T00:00:00
db:JVNDBid:JVNDB-2008-001688date:2008-09-29T00:00:00
db:PACKETSTORMid:70608date:2008-10-04T18:17:40
db:PACKETSTORMid:69849date:2008-09-11T04:44:10
db:CNNVDid:CNNVD-200809-124date:2008-09-11T00:00:00
db:NVDid:CVE-2008-3629date:2008-09-11T01:13:09.897