Gentoo Linux Security Advisory GLSA 200803-08 - Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files. Versions less than 20071007-r2 are affected.
d9fa559b3abcc9c46f70ec63f6f34cb4ab4ef591354f8477e048ad99b4bade9d
McAfee Avert(tm) Labs Security Advisory - Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI. Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed. Vulnerable systems include QuickTime versions 7.1.2 and below for Mac OS X, QuickTime for Windows versions 7.1.2 and below.
baa83c53a32c6e6b2ca767a2b148f0a75247b22b96d758cc380dd86d88589895
iDefense Security Advisory 09.12.06 - Remote exploitation of a heap-based buffer overflow in Apple Computer's QuickTime Player could allow attackers to execute code under the privileges of the affected application. A FLIC file is an animation file consisting of a number of frames, each of which is made up of an image and may contain other information such as a palette or a label. The vulnerability specifically exists in the handling of the COLOR_64 chunk in FLIC format files. QuickTime does not validate that the data size allocated to store the palette is large enough, allowing a malformed file to cause controllable heap corruption. iDefense Labs confirmed that version 7.1 of the QuickTime player is vulnerable. It is suspected that all previous versions are also affected.
8bcabb0d8beb068b97d485b6166612603ed049aad375daf5647a8eed72680052