Description
Multiple serious vulnerabilities have been found in Apple QuickTime. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities
- Improper byte-swapping can be exploited to execute arbitrary code or cause denial of service via a specially designed ttfo element in a movie file
- Lack of unspecified pointer initialization can be exploited to execute arbitrary code or cause denial of service via a specially designed tracklist in a movie file
- Integer signing can be exploited to execute arbitrary code or cause denial of service via a specially designed stsz atom in a movie file
- Vectors related to unknown applications can be exploited to execute arbitrary code or cause denial of service via specially designed idsc, clef, dref and ftab atoms, by a specially designed PSD image or movie file with H.264 encoding.
Original advisories
Related products
CVE list
- CVE-2014-1244 critical
- CVE-2014-1245 critical
- CVE-2014-1246 critical
- CVE-2014-1247 critical
- CVE-2014-1249 critical
- CVE-2014-1248 critical
- CVE-2013-1032 high
- CVE-2014-1250 critical
- CVE-2014-1243 critical
- CVE-2014-1251 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!