CVE-2008-3629

Published: Sep 11, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

Affected (20)

Products: Apple: Quicktime

1 product

Configuration A

20 vulnerable · 17 platform

Vulnerable Software	Affected Versions
Apple Quicktime	Up to 7.5
Apple Quicktime	Version 7.0.1
Apple Quicktime	Version 7.0.2
Apple Quicktime	Version 7.0.3
Apple Quicktime	Version 7.0.4
Apple Quicktime	Version 7.0
Apple Quicktime	Version 7.1.1
Apple Quicktime	Version 7.1.2
Apple Quicktime	Version 7.1.3
Apple Quicktime	Version 7.1.4
Apple Quicktime	Version 7.1.5
Apple Quicktime	Version 7.1.6
Apple Quicktime	Version 7.1
Apple Quicktime	Version 7.2
Apple Quicktime	Version 7.3.1.70
Apple Quicktime	Version 7.3.1
Apple Quicktime	Version 7.3
Apple Quicktime	Version 7.4.1
Apple Quicktime	Version 7.4.5
Apple Quicktime	Version 7.4

Running on/with	Platform Versions
Apple Mac Os X	Version 10.3.9
Apple Mac Os X	Version 10.4.10
Apple Mac Os X	Version 10.4.11
Apple Mac Os X	Version 10.4.9
Apple Mac Os X	Version 10.5.1
Apple Mac Os X	Version 10.5.2
Apple Mac Os X	Version 10.5.3
Apple Mac Os X	Version 10.5.4
Apple Mac Os X	Version 10.5
Apple Mac Os X Server	Version 10.3.9
Apple Mac Os X Server	Version 10.4.10
Apple Mac Os X Server	Version 10.4.11
Apple Mac Os X Server	Version 10.4.9
Apple Mac Os X Server	Version 10.5
Microsoft Windows Nt	Version xp sp3
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Related CWEs

References (24)

http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html

Source: cve@mitre.org

Patch

http://lists.apple.com/archives/security-announce/2008/Oct/msg00000.html

Source: cve@mitre.org

http://secunia.com/advisories/31821

Source: cve@mitre.org

http://secunia.com/advisories/32121

Source: cve@mitre.org

http://securitytracker.com/id?1020841

Source: cve@mitre.org

http://support.apple.com/kb/HT3027

Source: cve@mitre.org

http://support.apple.com/kb/HT3189

Source: cve@mitre.org

http://www.securityfocus.com/bid/31086

Source: cve@mitre.org

http://www.securityfocus.com/bid/31548

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2527

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2735

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16019

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.apple.com/archives/security-announce/2008/Oct/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31821

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32121

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1020841

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3027

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3189

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31086

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31548

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2527

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2735

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16019

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.