A vulnerability in Apple QuickTime may allow system compromise. The vulnerability is due to a boundry condition error when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. An integer overflow allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Successful exploitation may allow a remote attacker to trigger a denial of service condition or gain unauthorized access.
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple has released advisory APPLE-SA-2006-01-10 including QuickTime 7.0.4 to address these issues.