Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

QuickTime < 7.7.1 Multiple Vulnerabilities

High

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

Versions of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :

- A buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)

- An uninitialized memory access issue exists in the handling of URL data handlers within movie file. (CVE-2011-3220)

- An implementation issue exists in the handling of the atom hierarchy within a movie files. (CVE-2011-3221)

- A cross-site scripting issue exists int he Save for Web export. (CVE-2011-3218)

- A buffer overflow exists in the handling of FlashPix files. (CVE-2011-3222)

- A buffer overflow exists in the handling of FLIC files. (CVE-2011-3223)

- Multiple memory corruption issues exist in the handling of movie files. (CVE-2011-3228)

- An integer overflow issue exists in the handling of PICT files. (CVE-2011-3247)

- A signedness issue exists in the handling of font tables embedded n QuickTime movie files.

- A buffer overflow issue exists in the handling of FLC encoded movie files. (CVE-2011-3249)

- An integer overflow issue exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)

- A memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. (CVE-2011-3251)

Solution

Upgrade to QuickTime 7.7.1 or later.