Computer Security


Apple QuickTime multiple security vulnerabilities
updated since 21.05.2012
Published: 27.08.2012
Source:
SecurityVulns ID: 12382
Type: library
Threat Level: 8/10
Description: Multiple vulnerabilities in the parsing of TeXML, H.264, MP4, MPEG, PNG, QTVR, JPEG2000, PICT and various audio and video formats.
Affected: APPLE : QuickTime 7.7
CVE: CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.)
 CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.)
 CVE-2012-0669 (Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.)
 CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.)
 CVE-2012-0667 (Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.)
 CVE-2012-0666 (Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.)
 CVE-2012-0665 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2012-0664 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.)
 CVE-2012-0663 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.)
 CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.)
 CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.)
 CVE-2012-0265 (Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file.)
 CVE-2011-3460 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.)
 CVE-2011-3459 (Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.)
 CVE-2011-3458 (QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.)
Original document: ZDI, ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability (27.08.2012)
 ZDI, ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability (13.08.2012)
 ZDI, ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability (13.08.2012)
 ZDI, ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability (24.06.2012)
 ZDI, ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution (13.06.2012)
 ZDI, ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability (13.06.2012)
 Rodrigo Rubira Branco (BSDaemon), Apple Quicktime Memory Corruption (CVE-2012-0671) (21.05.2012)
 APPLE, APPLE-SA-2012-05-15-1 QuickTime 7.7.2 (21.05.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod