CVE-2008-3625

Published: Sep 11, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.

Affected (1)

Products: Apple: Quicktime

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Quicktime	Before 7.5.5

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html

Source: cve@mitre.org

Mailing ListVendor Advisory

http://secunia.com/advisories/31821

Source: cve@mitre.org

Third Party Advisory

http://securitytracker.com/id?1020841

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://support.apple.com/kb/HT3027

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/archive/1/496161/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/31086

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2008/2527

Source: cve@mitre.org

Third Party Advisory

http://www.zerodayinitiative.com/advisories/ZDI-08-058/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15935

Source: cve@mitre.org

Third Party Advisory

http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

http://secunia.com/advisories/31821

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://securitytracker.com/id?1020841

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://support.apple.com/kb/HT3027

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/archive/1/496161/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31086

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2008/2527

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.zerodayinitiative.com/advisories/ZDI-08-058/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15935

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.