9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.037 Low
EPSS
Percentile
91.8%
Versions older than Quicktime 7.7.5 contain the following vulnerabilities:
Multiple buffer overflow vulnerabilities, which can be leveraged by an attacker to execute arbitrary code or application termination (2014-1246, CVE-2014-1248, CVE-2014-1249)
An out-of-bounds byte swapping issue in the handling of ‘ttfo’ elements, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1250)
A signedness issue in the handling of ‘stsz’ atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1245)
A memory corruption issue when handling the ‘dref’ atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1247)
Binary data 8140.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1245
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1250
support.apple.com/kb/HT6151