Apple QuickTime Multiple Remote Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011; Release Date: 11 Sep 2008

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to take complete control of an affected system.

1. An uninitialized memory access in the third-party Indeo v5 codec (not shipped with QuickTime) could be exploited to execute arbitrary code via a specially crafted movie file.

2. A stack overflow error in the third-party Indeo v3.2 codec could be exploited to execute arbitrary code via a specially crafted movie file.

3. A heap overflow error when handling panorama atoms in QTVR (QuickTime Virtual Reality) movie files could be exploited by attackers to execute arbitrary code.

4. A stack overflow error when handling panorama atoms in QTVR (QuickTime Virtual Reality) movie files could be exploited by attackers to execute arbitrary code.

5. An integer overflow error when handling malformed PICT images could allow attackers to compromise a vulnerable system via a malicious image.

6. A memory corruption error when handling STSZ atoms in movie files could allow attackers to compromise a vulnerable system via a malicious movie file.

7. Memory corruption errors when handling H.264 encoded movie files could be exploited by attackers to execute arbitrary code.

8. An invalid pointer error when handling PICT images could be exploited by attackers to execute arbitrary code.

9. An out-of-bounds read error when handling PICT images could be exploited to cause a denial of service.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Apple QuickTime versions prior to 7.5.5

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Upgrade to Apple QuickTime version 7.5.5 for Windows:
http://www.apple.com/support/downloads/quicktime755forwindows.html

Upgrade to Apple QuickTime version 7.5.5 for Leopard:
http://www.apple.com/support/downloads/quicktime755forleopard.html

Upgrade to Apple QuickTime version 7.5.5 for Tiger:
http://www.apple.com/support/downloads/quicktime755fortiger.html


Vulnerability Identifier


Source


Related Link