Computer Security
[EN] securityvulns.ru no-pyccku


Apple QuickTime multiple security vulnerabilities
updated since 02.06.2009
Published:04.06.2009
Source:
SecurityVulns ID:9953
Type:client
Threat Level:
7/10
Description:Buffer overflows and memory corruptions on PICT, CRGN, FLC, PSD, AVI, Sorenson Video 3, JPEG2000 parsing.
Affected:QUICKTIME : QuickTime 7.6
CVE:CVE-2009-0957 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.)
 CVE-2009-0954 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.)
 CVE-2009-0953 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.)
 CVE-2009-0952 (Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.)
 CVE-2009-0951 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.)
 CVE-2009-0188 (Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.)
 CVE-2009-0185 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.)
 CVE-2009-0010 (Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.)
Original documentdocumentRoee Hay, Advisory: Apple QuickTime Image Description Atom Sign Extension Memory Corruption (04.06.2009)
 documentZDI, ZDI-09-030: Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability (02.06.2009)
 documentZDI, ZDI-09-029: Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability (02.06.2009)
 documentSECUNIA, Secunia Research: QuickTime Sorenson Video 3 Content Parsing Vulnerability (02.06.2009)
 documentSECUNIA, Secunia Research: Apple QuickTime MS ADPCM Encoding Buffer Overflow (02.06.2009)
 documentZDI, ZDI-09-028: Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability (02.06.2009)
 documentZDI, ZDI-09-027: Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability (02.06.2009)
 documentZDI, ZDI-09-026: Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability (02.06.2009)
 documentZDI, ZDI-09-025: Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability (02.06.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod