Code injection

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory consumption via a crafted QuickTime file...

CVE-2017-13823

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app...

CVE-2017-13807

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory consumption via a crafted QuickTime file...

CVE-2017-13807

CVE-2017-13807 affects macOS High Sierra before 10.13.1, in the Audio path. A remote attacker could craft a QuickTime file to trigger arbitrary code execution or memory consumption (DoS). Root cause: memory handling issue in Audio when parsing QuickTime content. A patch is available in 10.13.1 Se...

CVE-2017-13823

CVE-2017-13823 affects macOS prior to 10.13.1, specifically the QuickTime component, enabling bypass of memory-read restrictions via a crafted app. The issue is documented by Apple in the macOS High Sierra 10.13.1 security update (HT208221) and listed among affected components; Apple notes the up...

macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Font...

Apple macOS High Sierra Audio code execution vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple Inc. for Mac computers.Audio is one of the audio components of the system. A security vulnerability exists in the Audio component of Apple macOS High Sierra versions prior to 10.13.1. A remote attacker can exploit this...

Apple macOS High Sierra QuickTime Address Bar Deception Vulnerability

Apple macOS High Sierra is a proprietary operating system developed by Apple Inc. for Mac computers.QuickTime is one of the multimedia playback components. A security vulnerability exists in the QuickTime component of Apple macOS High Sierra versions prior to 10.13.1. An attacker can exploit this...

Memory Corruption Vulnerability in Storm Video 5 PC Client (CNVD-2017-35532)

Storm Video 5 is a video player from Beijing Storm Technology Co. A memory corruption vulnerability exists when opening certain MOV files in the Storm Video player, which can be exploited by an attacker to cause a denial of service...

About the security content of macOS High Sierra 10.13

About the security content of macOS High Sierra 10.13 This document describes the security content of macOS High Sierra 10.13. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

UBUNTU-CVE-2017-12145

In libquicktime 1.2.4, an allocation failure was found in the function quicktimereadftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file...

DEBIAN-CVE-2017-12143

In libquicktime 1.2.4, an allocation failure was found in the function quicktimereadinfo in lqtquicktime.c, which allows attackers to cause a denial of service via a crafted file...

DEBIAN-CVE-2017-12145

In libquicktime 1.2.4, an allocation failure was found in the function quicktimereadftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file...

libquicktime 'quicktime_read_ftyp' function denial of service vulnerability

libquicktime is a library for reading and writing files in quicktime, avi and mp4 formats. A security vulnerability exists in the 'quicktimereadftyp' function in the ftyp.c file in libquicktime version 1.2.4. An attacker can exploit this vulnerability to cause a denial of service with the help of...

libquicktime 'quicktime_read_info' function denial of service vulnerability

libquicktime is a library for reading and writing files in quicktime, avi and mp4 formats. A security vulnerability exists in the 'quicktimereadinfo' function of the lqtquicktime.c file in libquicktime version 1.2.4. An attacker can exploit this vulnerability to cause a denial of service with the...

Apple QuickTime for Windows Buffer Overflow Vulnerability

Apple QuickTime for Windows is a multimedia playback software for Windows developed by Apple. The program is capable of handling a wide range of resources such as digital video, media passages, and more. A buffer overflow vulnerability exists in versions of Apple QuickTime for Windows prior to...

Apple QuickTime for Windows Installer Untrustworthy Search Path Vulnerability

Apple QuickTime for Windows is a multimedia playback software for Windows developed by Apple. The program is capable of handling a wide range of resources such as digital video, media passages, and more. An untrusted search path vulnerability exists in the installer in QuickTime for Windows. An...

Design/Logic Flaw

Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVE-2017-2218

Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVE-2017-2218

The CVE-2017-2218 entry describes an untrusted search path vulnerability in the Installer of QuickTime for Windows (CWE-427). The underlying issue is DLL search path handling that can be exploited by placing a Trojan horse DLL in an unspecified directory, enabling arbitrary code execution with th...