Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host has Apple QuickTime installed, which prone to multiple vulnerabilities.
Insight
Insight
The flaws exist due to, - an uninitialized memory access inn the Indeo v5 codec and lack of proper bounds checking within QuickTimeInternetExtras.qtx file. - improper handling of panorama atoms in QTVR movie files. - improper handling of maxTilt, minFieldOfView and maxFieldOfView parameters in panorama track PDAT atoms. - an uninitialized memory access in the third-party Indeo v5 codec. - an invalid pointer in handling of PICT images. - memory corruption in handling of STSZ atoms in movie files within CallComponentFunctionWithStorage() function. - multiple memory corruption in H.264 encoded movie files. - parsing of movie video files in QuickTimeH264.scalar and MP4 video files in QuickTimeH264.qtx.
Affected Software
Affected Software
Apple QuickTime versions prior to 7.5.5 on Windows (all)
Solution
Solution
Upgrade to version 7.5.5.