Quicktime Security Vulnerabilities
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
7.5AI Score
0.017EPSS
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
7.9AI Score
0.013EPSS
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama ...
7.8AI Score
0.436EPSS
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted m...
7.5AI Score
0.03EPSS
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbi...
7.6AI Score
0.064EPSS
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."
7.5AI Score
0.022EPSS
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
6AI Score
0.018EPSS
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafte...
7.9AI Score
0.016EPSS
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_st...
8.2AI Score
0.087EPSS
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
7.8AI Score
0.045EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
9.2AI Score
0.029EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
7.9AI Score
0.891EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
7.9AI Score
0.414EPSS
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
7.8AI Score
0.042EPSS
Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
7.6AI Score
0.038EPSS
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
7.7AI Score
0.588EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.
7.9AI Score
0.884EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.
8AI Score
0.054EPSS
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.
7.8AI Score
0.04EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.
7.9AI Score
0.208EPSS
Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.
7.8AI Score
0.113EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
8AI Score
0.593EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.
8AI Score
0.938EPSS
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
7.7AI Score
0.916EPSS
Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero.
7.7AI Score
0.018EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
8AI Score
0.938EPSS
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
7.8AI Score
0.02EPSS
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
7.7AI Score
0.02EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
7.7AI Score
0.628EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.
7.7AI Score
0.628EPSS
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
7.8AI Score
0.006EPSS
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length val...
7.9AI Score
0.066EPSS
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memor...
8.1AI Score
0.94EPSS
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.
5.1AI Score
0.0004EPSS
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.
7.9AI Score
0.007EPSS
Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.
8.1AI Score
0.073EPSS
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
8AI Score
0.404EPSS
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
7.3AI Score
0.971EPSS
Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is lo...
7.3AI Score
0.005EPSS
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.
9AI Score
0.08EPSS
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.
9.2AI Score
0.063EPSS
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.
7.9AI Score
0.078EPSS
Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
9.2AI Score
0.072EPSS
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
9AI Score
0.062EPSS
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.
9.2AI Score
0.063EPSS
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
7.7AI Score
0.045EPSS
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.
6.8AI Score
0.045EPSS
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.
6.7AI Score
0.052EPSS
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
6.6AI Score
0.019EPSS
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.
6.8AI Score
0.012EPSS