Versions of QuickTime earlier than 7.7.4 are affected by the following vulnerabilities :
A buffer overflow existed in the handling of ‘enof’ atoms. (CVE-2013-0986)
A memory corruption issue existed in the handling of QTIF files. (CVE-2013-0987)
A buffer overflow existed in the handling of FPX files. (CVE-2013-0988)
A buffer overflow existed in the handling of MP3 files. (CVE-2013-0989)
A memory corruption issue existed in the handling of TeXML files. (CVE-2013-1015)
A buffer overflow existed in the handling of H.263 encoded movie files. (CVE-2013-1016)
A buffer overflow existed in the handling of ‘dref’ atoms. (CVE-2013-1017)
A buffer overflow existed in the handling of H.264 encoded movie files. (CVE-2013-1018)
A buffer overflow existed in the handling of Sorenson encoded movie files. (CVE-2013-1019)
A memory corruption issue existed in the handling of JPEG encoded data. (CVE-2013-1020)
A buffer overflow existed in the handling of JPEG encoded data. (CVE-2013-1021)
A buffer underflow existed in the handling of ‘mvhd’ atoms. (CVE-2013-1022)
Successful exploitation of these issues could result in program termination or arbitrary code execution, subject to the user’s privileges
Binary data 801190.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0987
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1022
prod.lists.apple.com/archives/security-announce/2013/May/msg00001.html
support.apple.com/kb/HT1222