CVE-2005-2754
Description
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*+ 7 more
- cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*
- cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*
- cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*
- cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*
- cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*
- cpe:2.3:a:apple:quicktime:*:*:windows:*:*:*:*:*range: <=7.0.2
- (no CPE)range: <7.0.3
Patches
Vulnerability mechanics
Root cause
"Integer overflow in handling of "Improper movie attributes" in a crafted MOV file leads to a heap buffer overflow."
Attack vector
An attacker crafts a malicious MOV file with specially crafted "Improper movie attributes" that trigger an integer overflow during parsing [ref_id=1]. The user must open the file with Apple QuickTime before 7.0.3 (user-assisted attack). The integer overflow results in an undersized heap allocation, and subsequent data copying overwrites adjacent heap memory, allowing arbitrary code execution.
Affected code
The advisory does not specify exact function names or file paths. The vulnerability resides in QuickTime's MOV file parser, specifically in the code that processes "Improper movie attributes" [ref_id=1].
What the fix does
The advisory does not include a patch diff, but Apple addressed this in QuickTime 7.0.3 [ref_id=1]. The fix likely adds bounds checking or integer overflow validation when parsing movie attributes in MOV files, ensuring that the computed allocation size does not wrap around and that the allocated buffer is large enough for the subsequent data copy.
Preconditions
- inputAttacker must supply a crafted MOV file with malicious movie attributes.
- authNo authentication required; the user must be tricked into opening the file.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- securitytracker.com/idnvdPatchVendor Advisory
- pb.specialised.info/all/adv/quicktime-mov-io2-adv.txtnvdVendor Advisory
- secunia.com/advisories/17428nvdVendor Advisory
- www.vupen.com/english/advisories/2005/2293nvdVendor Advisory
- docs.info.apple.com/article.htmlnvd
- www.osvdb.org/20476nvd
- www.securityfocus.com/archive/1/415709/30/0/threadednvd
- www.securityfocus.com/bid/15308nvd
News mentions
0No linked articles in our index yet.