CVE-2008-3626

CVE-2008-3626 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

Learn more about our Web Application Penetration Testing UK.