Memory corruption

The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the samplesizetable in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted mov...

Design/Logic Flaw

Apple QuickTime before 7.5.5 does not properly handle 1 MDAT atoms in MP4 video files within QuickTimeH264.qtx, 2 MDAT atoms in mov video files within QuickTimeH264.scalar, and 3 AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrar...

Out-of-bounds

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service application crash via a crafted PICT image that triggers an out-of-bounds read...

Null pointer dereference

Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted PICT image, related to an "invalid pointer issue."...

Stack overflow

Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 aka IV32 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted...

Integer overflow

Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted PICT image, which triggers heap corruption...

Stack overflow

Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a QuickTime Virtual Reality QTVR movie file with crafted 1 maxTilt, 2 minFieldOfView, and 3 maxFieldOfView elements in panorama track PD...

Apple QuickTime Movie/PICT/QTVR多个远程漏洞

BUGTRAQ ID: 31086 CVE ID：CVE-2008-3615 CVE-2008-3635 CVE-2008-3624 CVE-2008-3625 CVE-2008-3614 CVE-2008-3626 CVE-2008-3627 CVE-2008-3628 CVE-2008-3629 CNCVE ID：CNCVE-20083615 CNCVE-20083635 CNCVE-20083624 CNCVE-20083625 CNCVE-20083614 CNCVE-20083626 CNCVE-20083627 CNCVE-20083628 CNCVE-20083629...

CVE-2008-3614

Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted PICT image, which triggers heap corruption...

CVE-2008-3624

Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a QuickTime Virtual Reality QTVR movie file with crafted panorama atoms...

CVE-2008-3625

Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a QuickTime Virtual Reality QTVR movie file with crafted 1 maxTilt, 2 minFieldOfView, and 3 maxFieldOfView elements in panorama track PD...

CVE-2008-3626

The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the samplesizetable in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted mov...

CVE-2008-3627

Apple QuickTime before 7.5.5 does not properly handle 1 MDAT atoms in MP4 video files within QuickTimeH264.qtx, 2 MDAT atoms in mov video files within QuickTimeH264.scalar, and 3 AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrar...

CVE-2008-3628

Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted PICT image, related to an "invalid pointer issue."...

CVE-2008-3635

Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 aka IV32 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted...

CVE-2008-3627

Apple QuickTime before 7.5.5 is affected by CVE-2008-3627 due to malformed MDAT atoms in MP4 (QuickTimeH264.qtx) and in mov files (QuickTimeH264.scalar), plus AVC1 atoms in an unknown type. Exploitation via a crafted H.264 movie could lead to arbitrary code execution or a denial of service (heap ...

CVE-2008-3628

Summary: CVE-2008-3628 affects Apple QuickTime for Windows prior to 7.5.5. The issue is an invalid pointer in QuickTime’s handling of PICT images, which can allow remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected product/behavior: Apple QuickTim...

CVE-2008-3629

CVE-2008-3629 affects Apple QuickTime before 7.5.5. The vulnerability is in the handling of PICT images, causing an out-of-bounds read and a denial of service (application crash). Affected software: QuickTime (older than 7.5.5). Impact: DoS; no evidence of remote code execution in the provided do...

CVE-2008-3626

Apple QuickTime prior to 7.5.5 is affected by a memory-corruption vulnerability in CallComponentFunctionWithStorage when handling large entries in the STSZ atoms’ sample_size_table. A crafted movie file can allow remote attackers to execute arbitrary code or cause a denial of service. The issue a...

CVE-2008-3625

Apple QuickTime before 7.5.5 is affected by a stack-based buffer overflow in the PDAT atom of QuickTime VR (QTVR) files, triggered by crafted panorama track elements (maxTilt, minFieldOfView, maxFieldOfView). Exploitation can lead to remote code execution or a denial of service. Remediation: upgr...