icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

QuickTime < 7.7.1 Multiple Vulnerabilities

High

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

Versions of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :

- A buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)

- An uninitialized memory access issue exists in the handling of URL data handlers within movie file. (CVE-2011-3220)

- An implementation issue exists in the handling of the atom hierarchy within a movie files. (CVE-2011-3221)

- A cross-site scripting issue exists int he Save for Web export. (CVE-2011-3218)

- A buffer overflow exists in the handling of FlashPix files. (CVE-2011-3222)

- A buffer overflow exists in the handling of FLIC files. (CVE-2011-3223)

- Multiple memory corruption issues exist in the handling of movie files. (CVE-2011-3228)

- An integer overflow issue exists in the handling of PICT files. (CVE-2011-3247)

- A signedness issue exists in the handling of font tables embedded n QuickTime movie files.

- A buffer overflow issue exists in the handling of FLC encoded movie files. (CVE-2011-3249)

- An integer overflow issue exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)

- A memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. (CVE-2011-3251)

Solution

Upgrade to QuickTime 7.7.1 or later.