Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

1) An error in the processing of QDM2 encoded audio content can be exploited to cause a buffer overflow.

2) An error within QuickTimeAudioSupport.qtx when processing QDMC encoded audio content can be exploited to trigger a memory corruption.

3) An error within quicktime.qts when processing H.263 encoded movie files can be exploited to cause a heap-based buffer overflow.

4) An error in the processing of H.261 encoded movie files can be exploited to cause a heap-based buffer overflow.

5) An error when handling PICT images can be exploited to cause a heap-based buffer overflow.

6) An error when calculating the length of a buffer while processing H.264 encoded movie files can be exploited to trigger a memory corruption.

7) An error in the parsing of samples in RLE encoded movie files can be exploited to cause a heap-based buffer overflow.

8) An error in the processing of M-JPEG encoded movie files can be exploited to cause a heap-based buffer overflow as one value is used for calculating the size of a heap buffer while another value is used when copying data to it.

9) An error in the processing of Sorenson encoded movie files can be exploited to trigger a memory corruption.

10) An integer overflow error in the parsing of the "NumberOfTiles" field in the SubImage Header Stream of FlashPix encoded movie files can be exploited to cause a buffer overflow.

11) An error within QuickTimeAuthoring.qtx when parsing "DELTA_FLI" chunks in FLC encoded movie files can be exploited to cause a heap-based buffer overflow during decompression.

12) An error in the processing of the "genl" atom in MPEG encoded movie files can be exploited to cause a heap-based buffer overflow when decompressing data.

13) An integer overflow error in the processing of PICT images can be exploited to cause a memory corruption.

14) An error when handling color tables included in MediaVideo movie files can be exploited to corrupt memory.

15) An integer overflow error in QuickTime.qts when processing PICT images can be exploited to cause a heap-based buffer overflow via a specially crafted BkPixPat (0x12) opcode.

16) An error in the processing of BMP images can be exploited to trigger a memory corruption.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 7.6.6.

Solution
Update to version 7.6.6.

Provided and/or discovered by
1, 2, 3, 6, 7, 10, 12, 14) An anonymous person via ZDI.
8) Damian Put and an anonymous person, reported via ZDI.
4, 9) The vendor credits Will Dormann of the CERT/CC
5, 13) Nicolas Joly of Vupen
11) Nicolas Joly of Vupen, an anonymous person, and Moritz Jodeit of n.runs AG, reported via ZDI.
15) Damian Put, reported via ZDI.
16) The vendor credits SkyLined of Google

Changelog
Further details available in Customer Area

Original Advisory
Apple:
http://support.apple.com/kb/HT4104

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-035/
http://www.zerodayinitiative.com/advisories/ZDI-10-036/
http://www.zerodayinitiative.com/advisories/ZDI-10-037/
http://www.zerodayinitiative.com/advisories/ZDI-10-038/
http://www.zerodayinitiative.com/advisories/ZDI-10-040/
http://www.zerodayinitiative.com/advisories/ZDI-10-041/
http://www.zerodayinitiative.com/advisories/ZDI-10-042/
http://www.zerodayinitiative.com/advisories/ZDI-10-043/
http://www.zerodayinitiative.com/advisories/ZDI-10-044/
http://www.zerodayinitiative.com/advisories/ZDI-10-045/
http://www.zerodayinitiative.com/advisories/ZDI-10-067/
http://www.zerodayinitiative.com/advisories/ZDI-10-068/
http://www.zerodayinitiative.com/advisories/ZDI-10-244/

SkyLined:
http://skypher.com/index.php/2010/04/12/apple-quicktime-memory-corruption-when-loading-bmp-file/

Deep Links
Links available in Customer Area