ID

VAR-200701-0395

CVE

CVE-2007-0462

TITLE

Mac OS X of Quicktime Such as _GetSrcBits32ARGB Service disruption in functions (DoS) Vulnerabilities

DESCRIPTION

The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. Mac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files. Successfully exploiting this issue allows remote attackers to corrupt memory and crash the affected software. Attackers may also be able to execute arbitrary machine code, but this has not been confirmed. Mac OS X 10.4.8 is vulnerable to this issue; other versions are also likely affected, since the vulnerable component has been included in Apple operating systems since System 6.0.4. QuickDraw is a graphics processing tool bundled in the Apple operating system. A memory corruption vulnerability exists in QuickDraw when parsing PICT graphics with malformed ARGB records. A remote attacker may exploit this vulnerability to cause the application to crash. If the user is tricked into opening a malicious graphics file, this vulnerability will be triggered, destroying the pointer sent to the _GetSrcBits32ARGB() function, resulting in a denial of service. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. The vulnerability is caused due to an error in Apple QuickDraw and can be exploited to cause the application using the QuickDraw routines to crash, when a specially crafted PICT image is processed. The vulnerability is reported in Mac OS X 10.4.8 (x86). Other versions may also be affected. SOLUTION: Do not open or use PICT images from untrusted sources. PROVIDED AND/OR DISCOVERED BY: LMH ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-23-01-2007.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

Boundary Condition Error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

LMH lmh@info-pull.com Tom Ferris tommy@security-protocols.com

SOURCES

LAST UPDATE DATE

2025-04-10T22:45:37.697000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE