Versions of QuickTime older than 7.7.8 are affected by the following vulnerabilities :
- A flaw is triggered as user-supplied input is not properly validated when handling URL atom sizes. With a specially crafted file, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-3788)
- A flaw is triggered as user-supplied input is not properly validated when handling 3GPP STSD sample description entry sizes. With a specially crafted file, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-3789)
- A flaw is triggered as user-supplied input is not properly validated when handling MVHD atom sizes. With a specially crafted file, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-3790)
- A flaw is triggered as user-supplied input is not properly validated when handling mismatching ESDS atom descriptor type lengths. With a specially crafted file, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-3791)
- A flaw is triggered as user-supplied input is not properly validated when handling MDAT sections. With a specially crafted file, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-3792)
- A flaw is triggered as user-supplied input is not properly validated. With a specially crafted file, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-5751, CVE-2015-5779, CVE-2015-5785, CVE-2015-5786)