Vigil@nce - Apple QuickTime: multiple vulnerabilities
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Apple QuickTime.
– Impacted products: QuickTime
– Severity: 2/4
– Creation date: 23/10/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Apple QuickTime.
An attacker can generate a memory corruption in RLE decompression,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2014-1391]
An attacker can generate a buffer overflow in the processing of
MIDI files, in order to trigger a denial of service, and possibly
to execute code. [severity:2/4; CVE-2014-4350]
An attacker can generate a buffer overflow in the code processing
audio data from m4a files, in order to trigger a denial of
service, and possibly to execute code. [severity:2/4;
CVE-2014-4351]
An attacker can generate a memory corruption in the processing of
MVHD file section, in order to trigger a denial of service, and
possibly to execute code. [severity:2/4; CVE-2014-4979]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apple-QuickTime-multiple-vulnerabilities-15528