nessus Tenable 9304.PRM
History: Apr 20, 2016 - 12:00 a.m.

Apple QuickTime < 7.7.7 Multiple Vulnerabilities

www.tenable.com

Versions of QuickTime older than 7.7.7 are affected by the following vulnerabilities:

  • A flaw is triggered because user-supplied input is not properly validated when handling specially crafted image data in an SGI file, allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-3661)
  • An out-of-bounds write flaw is triggered because user-supplied input is not properly validated when handling specially crafted image data in a GIF file, allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-3662, CVE-2015-3663)
  • An overflow condition is triggered because user-supplied input is not properly validated when handling alis atoms. With a specially crafted file, a context-dependent attacker can cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2015-3664)
  • A use-after-free error is triggered when handling object properties in a specially crafted movie file, allowing a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-3665)
  • A flaw is triggered because user-supplied input is not properly validated when handling the code atom within the Media Information (minf) atom, allowing a context-dependent attacker to use a specially crafted file to corrupt memory and potentially execute arbitrary code. (CVE-2015-3666)
  • A use-after-free error in the ‘QuickTimeMPEG4!0x147f0()’ function is triggered when an out-of-bounds read error occurs during the handling of stbl atoms. With a specially crafted movie (.MOV) file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2015-3667)
  • A flaw is triggered because user-supplied input is not properly validated when handling a specially crafted track fragment’s ‘size’ field inside a moof atom, allowing a context-dependent attacker to cause a heap-based buffer overflow and potentially execute arbitrary code. (CVE-2015-3668)
  • An overflow condition is triggered because user-supplied input is not properly validated. With a specially crafted SGI file, a context-dependent attacker can cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2015-3669)
Vendor | Product | Version | CPE
apple | quicktime | | cpe:/a:apple:quicktime