Rapid7 Vulnerability & Exploit Database

QuickTime: arbitrary code execution via malicious PICT files (CVE-2005-2756)

Back to Search

QuickTime: arbitrary code execution via malicious PICT files (CVE-2005-2756)

Severity
5
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published
11/05/2005
Created
07/25/2018
Added
11/08/2005
Modified
10/03/2016

Description

Expansion of compressed PICT data could exceed the size of the destination buffer. The update prevents decompressed data from exceeding the destination buffer size. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting this issue.

Solution(s)

  • quicktime-upgrade-7_0_3

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;