Computer Security
[EN] securityvulns.ru no-pyccku


Apple QuickTime multiple security vulnerabilities
Published:27.05.2013
Source:
SecurityVulns ID:13091
Type:client
Threat Level:
8/10
Description:Memory corruptions on different formats and protocols parsing.
Affected:APPLE : QuickTime 7.7
CVE:CVE-2013-1022 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.)
 CVE-2013-1021 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file.)
 CVE-2013-1020 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.)
 CVE-2013-1019 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.)
 CVE-2013-1018 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2013-1017 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.)
 CVE-2013-1016 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding.)
 CVE-2013-1015 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file.)
 CVE-2013-0989 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.)
 CVE-2013-0988 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.)
 CVE-2013-0987 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.)
 CVE-2013-0986 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.)
Original documentdocumentAPPLE, APPLE-SA-2013-05-22-1 QuickTime 7.7.4 (27.05.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod