Apple QuickDraw libraries memory corruption - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Apple QuickDraw libraries memory corruption
Published: 24.01.2007
Source: MOAB
SecurityVulns ID: 7102
Type: library
Level: 6/10
Description: Memory corruption on maleformed PICT image ARGB record.

Affected: APPLE : Mac OS X 10.4
CVE: CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.)
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.)

Original document MOAB, MOAB-23-01-2007: Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability (24.01.2007)

Files: Exploits Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability
Discuss: Read or add your comments to this news (0 comments)