Nessus / Tenable / 6489.PRM
History: May 18, 2012 - 12:00 a.m.

QuickTime < 7.7.2 Multiple Vulnerabilities

2012-05-18 00:00:00
Tenable
www.tenable.com

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.968 High
Percentile: 99.7%

Versions of QuickTime earlier than 7.7.2 are affected by the following vulnerabilities:

  • An uninitialized memory access issue exists in the handling of MP4 encoded files. (CVE-2011-3458)

  • An off-by-one buffer overflow exists in the handling of rdrf atoms in QuickTime movie files. (CVE-2011-3459)

  • A stack buffer overflow exists in the QuickTime plugin’s handling of PNG files. (CVE-2011-3460)

  • A stack buffer overflow exists in QuickTime’s handling of file paths. (CVE-2012-0265)

  • A buffer overflow exists in the handling of audio sample tables. (CVE-2012-0658)

  • An integer overflow exists in the handling of MPEG files. (CVE-2012-0659)

  • An integer underflow exists in QuickTime’s handling of audio streams in MPEG files. (CVE-2012-0660)

  • A use-after-free issue exists in the handling of JPEG2000 encoded movie files. (CVE-2012-0661)

  • Multiple stack overflows exist in QuickTime’s handling of TeXML files. (CVE-2012-0663)

  • A heap overflow exists in QuickTime’s handling of text tracks. (CVE-2012-0664)

  • A heap overflow exists in the handling of H.264 encoded movie files. (CVE-2012-0665)

  • A stack buffer overflow exists in the QuickTime plugin’s handling of QTMovie objects. (CVE-2012-0666)

  • A signedness issue exists in the handling of QTVR movie files. (CVE-2012-0667)

  • A buffer overflow exists in QuickTime’s handling of Sorenson encoded movie files. (CVE-2012-0669)

  • An integer overflow exists in QuickTime’s handling of sean atoms. (CVE-2012-0670)

  • A memory corruption issue exists in the handling of .pict files. (CVE-2012-0671)

Binary data 6489.prm
Vendor   Product     Version   CPE
apple    quicktime             cpe:/a:apple:quicktime
