Remote Code Execution Flaw in QT Media Foundation on Apple OS X
CVE-2014-1391

Currently unrated

Key Information:

Vendor: Apple
Status: Mac Os X; Mac Os X Server
Vendor: CVE Published:; 19 September 2014

Summary

A vulnerability exists in QT Media Foundation on Apple OS X prior to version 10.9.5, allowing remote attackers to exploit crafted movie files. Through specially encoded RLE (Run-Length Encoding) content, attackers can cause memory corruption, leading to denial of service events including application crashes, or potentially enabling the execution of arbitrary code on the affected systems.

References

https://support.apple.com/kb/HT6493

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030868

vdb-entryx_refsource_SECTRACK

http://support.apple.com/kb/HT6443

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 19, 2014
Vulnerability Reserved
Jan 8, 2014