CVE-2006-1249
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
Date published : 2006-03-18
http://lists.apple.com/archives/security-announce/2006/May/msg00002.html