CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.969 High
Percentile: 99.7%
Versions of QuickTime earlier than 7.7.4 are affected by the following vulnerabilities:
A buffer overflow existed in the handling of ‘enof’ atoms. (CVE-2013-0986)
A memory corruption issue existed in the handling of QTIF files. (CVE-2013-0987)
A buffer overflow existed in the handling of FPX files. (CVE-2013-0988)
A buffer overflow existed in the handling of MP3 files. (CVE-2013-0989)
A memory corruption issue existed in the handling of TeXML files. (CVE-2013-1015)
A buffer overflow existed in the handling of H.263 encoded movie files. (CVE-2013-1016)
A buffer overflow existed in the handling of ‘dref’ atoms. (CVE-2013-1017)
A buffer overflow existed in the handling of H.264 encoded movie files. (CVE-2013-1018)
A buffer overflow existed in the handling of Sorenson encoded movie files. (CVE-2013-1019)
A memory corruption issue existed in the handling of JPEG encoded data. (CVE-2013-1020)
A buffer overflow existed in the handling of JPEG encoded data. (CVE-2013-1021)
A buffer underflow existed in the handling of ‘mvhd’ atoms. (CVE-2013-1022)
Successful exploitation of these issues could result in program termination or arbitrary code execution, subject to the user’s privileges.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0987
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1022
prod.lists.apple.com/archives/security-announce/2013/May/msg00001.html
support.apple.com/kb/HT1222