nessus / Tenable / 9306.PRM
History: Apr 20, 2016 - 12:00 a.m.

Apple QuickTime < 7.7.9 Multiple Vulnerabilities

2016-04-20 00:00:00
Tenable
www.tenable.com
CVSS2: 6.8 Medium
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 6.6 Medium
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: HIGH
  CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS: 0.023 Low
  Percentile: 89.8%

Versions of QuickTime older than 7.7.9 are affected by the following vulnerabilities:

  • A flaw is triggered as user-supplied input is not properly validated. With a specially crafted movie file, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7091)
  • A flaw in the ‘QuickTime!0x73b390()’ function is triggered as user-supplied input is not properly validated when handling dref atoms. With a specially crafted movie file, a context-dependent attacker can trigger an out-of-bounds access and cause a crash, or potentially execute arbitrary code. (CVE-2015-7090)
  • An overflow condition is triggered as user-supplied input is not properly validated when handling ID3 version tags in MP3 files. With a specially crafted TXXX frame, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2015-7092)
  • A flaw is triggered as user-supplied input is not properly validated. With a specially crafted movie file, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-7117)

Vendor | Product | Version | CPE
apple | quicktime | | cpe:/a:apple:quicktime
