Versions of QuickTime earlier thanolder than 7.7.2 are affected by the following vulnerabilities :
An uninitialized memory access issue exists in the handling of MP4 encoded files. (CVE-2011-3458)
An off-by-one buffer overflow exists in the handling of rdrf atoms in QuickTime movie files. (CVE-2011-3459)
A stack buffer overflow exists in the QuickTime plugin’s handling of PNG files. (CVE-2011-3460)
A stack buffer overflow exists in QuickTime’s handling of file paths. (CVE-2012-0265)
A buffer overflow exists in the handling of audio sample tables. (CVE-2012-0658)
An integer overflow exists in the handling of MPEG files. (CVE-2012-0659)
An integer underflow exists in QuickTime’s handling of audio streams in MPEG files. (CVE-2012-0660)
A use-after-free issue exists in the handling of JPEG2000 encoded movie files. (CVE-2012-0661)
Multiple stack overflows exist in QuickTime’s handling of TeXML files. (CVE-2012-0663)
A heap overflow exists in QuickTime’s handling of text tracks. (CVE-2012-0664)
A heap overflow exists in the handling of H.264 encoded movie files. (CVE-2012-0665)
A stack buffer overflow exists in the QuickTime plugin’s handling of QTMovie objects. (CVE-2012-0666)
A signedness issue exists in the handling of QTVR movie files. (CVE-2012-0667)
A buffer overflow exists in QuickTime’s handling of Sorenson encoded movie files. (CVE-2012-0669)
An integer overflow exists in QuickTime’s handling of sean atoms. (CVE-2012-0670)
A memory corruption issue exists in the handling of .pict files. (CVE-2012-0671)
Binary data 6489.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0265
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0661
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0668
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0671
lists.apple.com/archives/security-announce/2012/May/msg00005.html