Heap-based Buffer Overflow in Apple QuickTime Affects Multimedia Files
CVE-2007-4677

Currently unrated

Key Information:

Vendor: Apple

CVE Published: 7 November 2007

What is CVE-2007-4677?

Apple QuickTime before version 7.3 contains a heap-based buffer overflow caused by improper handling of color table atom (CTAB) sizes in movie files. Processing a movie file with an invalid color table size can lead to arbitrary code execution, significantly impacting the security of users who play potentially malicious video files. The issue highlights the need to validate variable-size input in multimedia applications to prevent exploitation.
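As an added illustration (not Apple's code and not part of the original entry), the C check below shows the kind of validation the description calls for: the entry count declared in a CTAB atom is compared with the bytes the atom actually holds before anything is sized from it. The field layout is an assumption taken from the public QuickTime File Format description; the function name, error codes and sample atoms are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (public QuickTime File Format description, not this page):
 *  0 u32 atom size, 4 u32 type 'ctab', 8 u32 seed, 12 u16 flags,
 * 14 u16 color table size (entry count minus one), 16.. 8-byte entries. */
enum { CTAB_HDR = 16, CTAB_ENTRY = 8 };
enum { CTAB_OK = 0, CTAB_TRUNCATED = -1, CTAB_BAD_TYPE = -2,
       CTAB_BAD_ATOM_SIZE = -3, CTAB_COUNT_OVERRUN = -4 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Check a ctab atom in buf[0..len). On success *entries is the declared
 * entry count, which is then known to fit inside the atom. */
int ctab_validate(const uint8_t *buf, size_t len, size_t *entries) {
    if (len < CTAB_HDR) return CTAB_TRUNCATED;
    if (be32(buf + 4) != 0x63746162u) return CTAB_BAD_TYPE;  /* "ctab" */
    uint32_t atom_size = be32(buf);
    if (atom_size < CTAB_HDR || atom_size > len) return CTAB_BAD_ATOM_SIZE;
    /* Widen before adding 1 so a field of 0xFFFF cannot wrap to 0. */
    size_t declared = (size_t)(((unsigned)buf[14] << 8) | buf[15]) + 1;
    size_t present = (atom_size - CTAB_HDR) / CTAB_ENTRY;
    if (declared > present) return CTAB_COUNT_OVERRUN;
    *entries = declared;
    return CTAB_OK;
}

/* Constructed test atoms, not taken from any real movie file. */
static const uint8_t sample_ok[32] = {      /* declares 2 entries, holds 2 */
    0,0,0,32, 'c','t','a','b', 0,0,0,0, 0x80,0x00, 0x00,0x01 };
static const uint8_t sample_bad[24] = {     /* declares 256, holds 1 */
    0,0,0,24, 'c','t','a','b', 0,0,0,0, 0x80,0x00, 0x00,0xFF };

int main(void) {
    size_t n = 0;
    printf("ok  -> %d\n", ctab_validate(sample_ok, sizeof sample_ok, &n));
    printf("bad -> %d\n", ctab_validate(sample_bad, sizeof sample_bad, &n));
    return 0;
}
```

A parser that allocates or copies color entries should use only the count returned on `CTAB_OK` and reject the file on any other result.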

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
