iTunes 7.3.x - Heap overflow in album cover parsing Sep 06 2007 07:06PM
David Thiel (david isecpartners com)
iSEC Partners Security Advisory - 2007-005-itunes

iTunes 7.3.x - Heap overflow in album cover parsing

Vendor: Apple, Inc.
Vendor URL: http://www.apple.com
Versions affected: Confirmed in iTunes 7.3.2
Systems Affected: Confirmed on OS X 10.4.10 PPC, Windows XP x86
Severity: High (potential code execution)
Author: David Thiel <david[at]isecpartners[dot]com>

Vendor notified: 2007-07-29
Public release: 2007-09-05
Advisory URL: https://www.isecpartners.com/advisories/2007-005-itunes.txt
Vendor Advisory URL: http://docs.info.apple.com/article.html?artnum=306404

A vulnerability exists in iTunes where an attacker can cause a denial
of service or code execution via maliciously crafted album cover art
embedded in a media file.

iTunes 7.3.2 and earlier are vulnerable to a heap overflow when parsing
the 'covr' atom of an MP4/AAC file. This atom is normally used for the
storage of album cover art.

Fix Information:
This issue is fixed in iTunes 7.4, available via Software Update or
download at http://www.apple.com/itunes/download/.

Thanks to:
The Apple product security team for a timely response to this issue.

About iSEC Partners:
iSEC Partners is a full-service security consulting firm that provides
penetration testing, secure systems development, security education
and software design verification, with offices in San Francisco,
Seattle, Ewa Beach and Los Angeles.

info (at) isecpartners (dot) com [email concealed]

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus