Synopsis
The remote host contains an application that is vulnerable to multiple attack vectors.
Description
Versions of QuickTime earlier than 7.7.2 are affected by the following vulnerabilities:
- An uninitialized memory access issue exists in the handling of MP4 encoded files. (CVE-2011-3458)
- An off-by-one buffer overflow exists in the handling of rdrf atoms in QuickTime movie files. (CVE-2011-3459)
- A stack buffer overflow exists in the QuickTime plugin's handling of PNG files. (CVE-2011-3460)
- A stack buffer overflow exists in QuickTime's handling of file paths. (CVE-2012-0265)
- A buffer overflow exists in the handling of audio sample tables. (CVE-2012-0658)
- An integer overflow exists in the handling of MPEG files. (CVE-2012-0659)
- An integer underflow exists in QuickTime's handling of audio streams in MPEG files. (CVE-2012-0660)
- A use-after-free issue exists in the handling of JPEG2000 encoded movie files. (CVE-2012-0661)
- Multiple stack overflows exist in QuickTime's handling of TeXML files. (CVE-2012-0663)
- A heap overflow exists in QuickTime's handling of text tracks. (CVE-2012-0664)
- A heap overflow exists in the handling of H.264 encoded movie files. (CVE-2012-0665)
- A stack buffer overflow exists in the QuickTime plugin's handling of QTMovie objects. (CVE-2012-0666)
- A signedness issue exists in the handling of QTVR movie files. (CVE-2012-0667)
- A buffer overflow exists in QuickTime's handling of Sorenson encoded movie files. (CVE-2012-0669)
- An integer overflow exists in QuickTime's handling of sean atoms. (CVE-2012-0670)
- A memory corruption issue exists in the handling of .pict files. (CVE-2012-0671)
Solution
Upgrade to QuickTime 7.7.2 or later.