Lurene Grenier

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.6.2 **Description** The issue arises from improper memory initialization in handling movie files, specifically when encountering a user data atom of size zero. This can be exploited by remote attackers to execute arbitrary code or cause the application to crash. **Recommendations** For versions prior to 7.6.2, update to version 7.6.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libopenexr6 versions (affected versions not specified) libopenexr2c2a versions (affected versions not specified) libopenexr-dev versions (affected versions not specified) OpenEXR version 1.2.2 **Description** The issue affects the compression implementation in OpenEXR, allowing context-dependent attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely. **Recommendations** For libopenexr6, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For libopenexr2c2a, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For libopenexr-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For OpenEXR version 1.2.2, consider updating to a version that fixes the heap-based buffer overflow in the compression implementation to prevent potential denial of service or arbitrary code execution.