QuickTime < 7.7.2 Multiple Vulnerabilities

Versions of QuickTime earlier thanolder than 7.7.2 are affected by the following vulnerabilities :

• An uninitialized memory access issue exists in the handling of MP4 encoded files. (CVE-2011-3458)

• An off-by-one buffer overflow exists in the handling of rdrf atoms in QuickTime movie files. (CVE-2011-3459)

• A stack buffer overflow exists in the QuickTime plugin’s handling of PNG files. (CVE-2011-3460)

• A stack buffer overflow exists in QuickTime’s handling of file paths. (CVE-2012-0265)

• A buffer overflow exists in the handling of audio sample tables. (CVE-2012-0658)

• An integer overflow exists in the handling of MPEG files. (CVE-2012-0659)

• An integer underflow exists in QuickTime’s handling of audio streams in MPEG files. (CVE-2012-0660)

• A use-after-free issue exists in the handling of JPEG2000 encoded movie files. (CVE-2012-0661)

• Multiple stack overflows exist in QuickTime’s handling of TeXML files. (CVE-2012-0663)

• A heap overflow exists in QuickTime’s handling of text tracks. (CVE-2012-0664)

• A heap overflow exists in the handling of H.264 encoded movie files. (CVE-2012-0665)

• A stack buffer overflow exists in the QuickTime plugin’s handling of QTMovie objects. (CVE-2012-0666)

• A signedness issue exists in the handling of QTVR movie files. (CVE-2012-0667)

• A buffer overflow exists in QuickTime’s handling of Sorenson encoded movie files. (CVE-2012-0669)

• An integer overflow exists in QuickTime’s handling of sean atoms. (CVE-2012-0670)

• A memory corruption issue exists in the handling of .pict files. (CVE-2012-0671)