libquicktime 'quicktime_read_pascal()' Function Integer Overflow Vulnerability

libquicktime is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.

libquicktime 1.2.4 and prior are vulnerable.
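
The advisory includes no code. The following C example is added here to illustrate the bug class; it is not libquicktime's source and does not claim to reproduce the exact flaw. It reads a Pascal string (one length byte followed by that many bytes) with the boundary checks in place. `read_pascal_checked`, `demo`, the signed-length helpers and the sample records are all hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libquicktime API): copy a Pascal string,
 * i.e. one length byte followed by that many bytes, from src into dst.
 * Returns the number of bytes consumed, or -1 if the record is rejected. */
int read_pascal_checked(const uint8_t *src, size_t src_len,
                        char *dst, size_t dst_cap)
{
    if (src == NULL || dst == NULL || src_len < 1 || dst_cap < 1)
        return -1;
    /* Hold the length in an unsigned type wider than the field. */
    size_t len = src[0];
    if (len > src_len - 1)   /* declared length exceeds the input left */
        return -1;
    if (len >= dst_cap)      /* no room for the payload plus terminator */
        return -1;
    memcpy(dst, src + 1, len);
    dst[len] = '\0';
    return (int)(len + 1);
}

/* For comparison only: the same length byte seen through a signed 8-bit
 * type, then converted to size_t as a read or copy call would do. */
long length_as_signed(uint8_t b) { return (long)(int8_t)b; }
size_t signed_length_as_size(uint8_t b) { return (size_t)(int8_t)b; }

/* Constructed sample records, not taken from any real media file. */
static const uint8_t SAMPLE_OK[]    = { 4, 'm', 'd', 'i', 'r' };
static const uint8_t SAMPLE_SHORT[] = { 200, 'A', 'B' };  /* claims 200, has 2 */
static const uint8_t SAMPLE_LONG[]  = { 9, 'q','u','i','c','k','t','i','m','e' };

/* Run the checked reader on one record with a destination of cap bytes. */
int demo(const uint8_t *rec, size_t rec_len, size_t cap)
{
    char name[16];
    return read_pascal_checked(rec, rec_len, name,
                               cap < sizeof name ? cap : sizeof name);
}

int main(void)
{
    printf("ok:    %d\n", demo(SAMPLE_OK, sizeof SAMPLE_OK, 16));
    printf("short: %d\n", demo(SAMPLE_SHORT, sizeof SAMPLE_SHORT, 16));
    printf("long:  %d\n", demo(SAMPLE_LONG, sizeof SAMPLE_LONG, 8));
    printf("0xC8 as a signed length: %ld\n", length_as_signed(0xC8));
    return 0;
}
```

A length byte of 0x80 or above becomes negative in a signed 8-bit variable and then a near-maximal `size_t` when passed to a read or copy routine, which is why the reader keeps it unsigned and compares it against both the remaining input and the destination capacity.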


 

Copyright 2010, SecurityFocus