CVE-2009-0955
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
Date published : 2009-06-02
http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html