The quicktime_read_moov function in moov.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file.