CVE-2013-1015

Apple QuickTime TeXML memory corruption vulnerability (CVE-2013-1015) exists due to insufficient validation of coordinates in textBox/defaultTextBox within TeXML files. A remote attacker could trigger memory corruption, enabling arbitrary code execution or crash. Public reports (ZDI-13-112) descr...

CVE-2013-1022

CVE-2013-1022 is a buffer overflow in Apple QuickTime before 7.7.4 triggered by crafted mvhd atoms in movie files, potentially allowing arbitrary code execution or a crash. Affected products linked in public advisories include QuickTime on Windows; Apple-SA-2013-05-22-1 describes QuickTime 7.7.4 ...

CVE-2013-1020

Apple QuickTime (pre-7.7.4) is affected by a heap overflow/memory corruption vulnerability in the MJPEG/STSD processing of JPEG data in movie files, potentially enabling remote code execution or crashes. Multiple advisories (CPAI-2013-2502, ZDI-13-114, OpenVAS entries, and the NVD entry) confirm ...

CVE-2013-1019

CVE-2013-1019 is a vulnerability in Apple QuickTime’s handling of Sorenson-encoded movie data. According to the ZDI advisory (ZDI-13-118), processing a malformed Sorenson Video 3 mdat section in a QuickTime movie can enable remote code execution on vulnerable QuickTime implementations, with user ...

CVE-2013-1018

Apple QuickTime CVE-2013-1018 is a buffer overflow in parsing of H.264-encoded movie data that could allow remote code execution or crash. It is documented as affecting QuickTime prior to 7.7.4; multiple advisories and scanners list this CVE among others related to QuickTime vulnerabilities. Reme...

CVE-2013-0989

CVE-2013-0989 : A buffer overflow in Apple QuickTime prior to 7.7.4 can be triggered by a crafted MP3 file, allowing remote attackers to execute arbitrary code or cause a denial of service (application crash). Public references in the providedOpenVAS/Nessus data confirm QuickTime as the vulnerabl...

CVE-2013-0987

CVE-2013-0987 affects Apple QuickTime, with a memory corruption flaw in the handling of QTIF files that could allow remote code execution or a crash. The vulnerability is listed across multiple OpenVAS entries for Apple QuickTime/QuickTime Player (Mac OS X and Windows) and is tied to QuickTime’s ...

CVE-2013-1016

CVE-2013-1016: Apple QuickTime before 7.7.4 contains a buffer overflow in the H.263 parsing path that can lead to remote code execution or a denial of service when processing crafted movie files. ZDI and multiple advisories describe this as a remote-code-execution vulnerability in QuickTime’s han...

CVE-2013-0988

CVE-2013-0988 is a QuickTime FPX parsing vulnerability: a buffer overflow in handling FPX files could allow remote code execution (or application crash). The vulnerability is exploitable via a crafted FPX file, with attack vector over a network and no authentication, and is reflected in a high-se...

CVE-2013-1017

CVE-2013-1017 affects Apple QuickTime prior to 7.7.4. The vulnerability is a buffer overflow in the handling of certain atoms (notably dref ) in QuickTime movie files, which can be triggered by crafted files and may lead to remote code execution or a denial-of-service (crash) . Public sources in ...

CVE-2013-1022

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted mvhd atoms in a movie file...

CVE-2013-1020

Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted JPEG data in a movie file...

CVE-2013-0986

Apple QuickTime prior to version 7.7.4 contains a buffer overflow vulnerability in the handling of enof atoms in movie files, potentially allowing remote code execution or a crash. Exploitation would require a crafted movie file delivered to a target system, with network access. Mitigation: apply...

Apple Patches QuickTime on Windows, Fixes 12 Bugs

Apple pushed out version 7.7.4 of its multimedia framework QuickTime for Windows users on Wednesday, addressing a handful of issues, some which could have led to arbitrary code execution and caused the program to unexpectedly terminate. It’s Apple’s first QuickTime update of the year and the firs...

QuickTime < 7.7.4 Multiple Vulnerabilities (Windows) (deprecated)

Binary data 6840.prm...

QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)

Binary data 801190.prm...

KLA10017 Multiple vulnerabilities in Apple QuickTime

Multiple serious vulnerabilities have been found in Apple QuickTime. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Vectors related to unknown applications can be exploited to execute arbitrary code or cause denial of service via specially...

Apple QuickTime TeXML Color String Parsing Buffer Overflow - Improved Performance (CVE-2012-0663)

A stack buffer overflow vulnerability has been reported in Apple QuickTime. The vulnerability is due to insufficient validation of a string length when processing certain elements inside QuickTime TeXML files. A remote attacker can exploit this issue by enticing a target user to open a specially...

Apple QuickTime ActiveX Control Clear Method Use After Free - Improved Performance (CVE-2012-3754)

A use-after-free vulnerability has been reported in Apple QuickTime's ActiveX control. The vulnerability is due to an error while handling a certain method. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted web page using Internet Explorer...

Apple QuickTime Plugin Content-Type Buffer Overflow - Improved Performance (CVE-2012-3753)

A stack buffer overflow vulnerability has been reported in Apple QuickTime plugin. The vulnerability is due to insufficient bounds checking. A remote attacker could exploit this vulnerability by enticing the target user to view a specially crafted web page. Successful exploitation would allow...