QuickTime 7.6 fixes 7 security issues
Here is the security content related to QuickTime 7.6, available for download here.
CVE-ID: CVE-2009-0001
A heap buffer overflow exists in QuickTime’s handling of RTSP URLs. Accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of RTSP URLs.
CVE-ID: CVE-2009-0002
A heap buffer overflow exists in QuickTime’s handling of THKD atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
CVE-ID: CVE-2009-0003
A heap buffer overflow may occur while processing an AVI movie file. Opening a maliciously crafted AVI movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
CVE-ID: CVE-2009-0004
A buffer overflow exists in the handling of MPEG-2 video files with MP3 audio content. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
CVE-ID: CVE-2009-0005
A memory corruption issue exists in QuickTime’s handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of H.263 encoded movie files.
CVE-ID: CVE-2009-0006
A signedness issue exists in QuickTime’s handling of Cinepak encoded movie files, which may result in a heap buffer overflow. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files.
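The bug class named in CVE-2009-0006, shown as an added illustration that is not QuickTime's code and not taken from the advisory: a length field parsed as a signed integer passes an upper-bound check when negative, then turns into a huge size when handed to a copy routine. All function names, the 256-byte buffer and the sample field are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEST_SIZE 256 /* assumed size of the heap destination buffer */

/* Constructed sample: a 4-byte big-endian length field with the top bit set. */
static const uint8_t sample_field[4] = { 0xFF, 0xFF, 0xFF, 0xF0 };

/* Parse the field into a signed 32-bit integer, as the flawed parser does. */
int32_t read_len_signed(const uint8_t *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    int32_t s;
    memcpy(&s, &v, sizeof s); /* reinterpret the bits, no out-of-range cast */
    return s;
}

/* Flawed check: only an upper bound, so any negative length is accepted. */
int length_ok_flawed(int32_t len)
{
    return len <= DEST_SIZE;
}

/* What a copy routine taking size_t receives for that length. */
size_t as_copy_size(int32_t len)
{
    return (size_t)len;
}

/* Validated check: reject negatives, then bound by buffer and remaining input. */
int length_ok_validated(int32_t len, size_t input_remaining)
{
    if (len < 0)
        return 0;
    return (size_t)len <= DEST_SIZE && (size_t)len <= input_remaining;
}

int main(void)
{
    int32_t len = read_len_signed(sample_field);
    /* Exit 0 only when the flawed check accepts and the validated one rejects. */
    return !(length_ok_flawed(len) && !length_ok_validated(len, 1024));
}
```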
CVE-ID: CVE-2009-0007
A heap buffer overflow exists in QuickTime’s handling of jpeg atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.