CVE-2012-0663
CVE-2012-0663 concerns Apple QuickTime on Windows, where TeXML processing is vulnerable to stack-based buffer overflows in QuickTime before 7.7.2. The issue arises while parsing TeXML elements (e.g., color strings and transform attributes), allowing a remote attacker to trigger arbitrary code exe...
CVE-2012-3753
CVE-2012-3753 is a buffer overflow vulnerability in the Apple QuickTime plugin's handling of MIME types (Content-Type) prior to 7.7.3. The issue allows remote attackers to cause an application crash or execute arbitrary code. Public references in the provided documents include NVD, CPAI-2013-1665...
CVE-2012-3754
Affected software: Apple QuickTime for Windows (ActiveX control). Issue: Use-after-free in Clear() method of the QuickTime ActiveX control, leading to remote code execution or denial of service. Root cause: incorrect handling in the Clear method as described in CVE-2012-3754. Impact: arbitrary co...
CVE-2013-0986
Apple QuickTime prior to version 7.7.4 contains a buffer overflow vulnerability in the handling of enof atoms in movie files, potentially allowing remote code execution or a crash. Exploitation would require a crafted movie file delivered to a target system, with network access. Mitigation: apply...
CVE-2012-3756
CVE-2012-3756: Apple QuickTime before 7.7.3 contains a heap/bounds-checking vulnerability in the parsing of QuickTime rnet boxes inside MP4 files. A remote attacker could craft a movie file to trigger a buffer overflow, potentially allowing arbitrary code execution or an application crash. Publi...
CVE-2012-0671
CVE-2012-0671: Apple QuickTime before 7.7.2 is affected. Memory corruption/remote code execution or denial of service can occur when processing a crafted .pict file. This is tied to QuickTime/PICT handling and is documented in multiple sources, including the vulnerability entry for CVE-2012-0671...
CVE-2012-3752
CVE-2012-3752: Apple QuickTime before 7.7.3 has multiple buffer overflows in TeXML style elements, allowing remote attackers to cause arbitrary code execution or a denial of service via a crafted TeXML file. Public materials reference a 7.7.2/7.7.3 window and show exploit notes (Metasploit module...
CVE-2013-1020
Apple QuickTime (pre-7.7.4) is affected by a heap overflow/memory corruption vulnerability in the MJPEG/STSD processing of JPEG data in movie files, potentially enabling remote code execution or crashes. Multiple advisories (CPAI-2013-2502, ZDI-13-114, OpenVAS entries, and the NVD entry) confirm ...
CVE-2011-3250
CVE-2011-3250 describes an integer overflow in Apple QuickTime prior to version 7.7.1 that can be triggered by a crafted JPEG2000-encoded movie file, allowing remote code execution or a denial of service (application crash). The description indicates the vulnerability lies in QuickTime’s handlin...
CVE-2013-1017
CVE-2013-1017 affects Apple QuickTime prior to 7.7.4. The vulnerability is a buffer overflow in the handling of certain atoms (notably dref) in QuickTime movie files, which can be triggered by crafted files and may lead to remote code execution or a denial-of-service (crash). Public sources in ...
CVE-2012-0664
CVE-2012-0664 affects Apple QuickTime on Windows prior to version 7.7.2. It is a heap-based buffer overflow in QuickTime’s handling of text tracks in a movie file, exploited via a crafted text track to execute arbitrary code or crash the application. Apple’s advisory notes QuickTime 7.7.2 as the ...
CVE-2012-0667
CVE-2012-0667 affects Apple QuickTime on Windows prior to 7.7.2. The vulnerability resides in the QuickTimeVR.qtx component, where a signedness error in processing a QTVRStringAtom leads to an integer overflow, enabling remote code execution or an application crash when a crafted QTVR movie is op...
CVE-2015-3791
Technical details about CVE-2015-3791 are not publicly available in the provided documents. Monitor official Apple advisories and CVE references for any updates or fixes.
CVE-2015-3668
Affected software: Apple QuickTime (QT Media Foundation) before 7.7.7. Vulnerable component: QT Media Foundation handling crafted files. Root cause: memory corruption/unsafe parsing of crafted media files, enabling remote code execution or a denial of service. Impact: arbitrary code execution or ...
CVE-2015-3792
Technical details for CVE-2015-3792 are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2015-3788
Technical details for CVE-2015-3788 are not publicly provided in the connected documents. The EUVD records mention malware related to “sbrugna” but do not describe affected software, root cause, impact, or fixes. Monitor for updates.
CVE-2015-3666
CVE-2015-3666 affects Apple QuickTime’s QT Media Foundation prior to 7.7.7 (on OS X
CVE-2015-3661
CVE-2015-3661: In Apple QuickTime, QT Media Foundation before 7.7.7 on OS X prior to 10.10.4 (and other products) can be triggered by a crafted file to execute arbitrary code or cause memory corruption leading to a DoS. Root cause is memory handling in QT Media Foundation when parsing certain fi...
CVE-2006-4965
CVE-2006-4965 concerns Apple QuickTime 7.1.3 Player/Plug-In. The vulnerability allows remote attackers to run arbitrary JavaScript via a QuickTime Media Link (QTL) file containing an embed XML element and a qtnext parameter that can reference resources outside the original domain. As of 2007-09-1...
CVE-2014-1246
CVE-2014-1246 refers to a buffer overflow in Apple QuickTime prior to 7.7.5. The vulnerability occurs in the handling of the ‘ftab’ atom when parsing movie files, enabling remote attackers to cause arbitrary code execution or an application crash. Affected product: Apple QuickTime. Root cause: me...
CVE-2010-3788
This CVE (CVE-2010-3788) affects Apple QuickTime on Mac OS X 10.6.x prior to 10.6.5. The issue is an uninitialized memory access in the processing of JP2 images, which can allow a remote attacker to cause arbitrary code execution or a denial of service by crafted JP2 files. According to the provi...
CVE-2015-3779
Technical details (affected products/versions, root cause, fix) are not provided in the connected documents. Monitor for updates from official sources.
CVE-2015-5779
Technical details about CVE-2015-5779 are not publicly provided in the connected documents. The initial description includes some details, but no concrete product/version/impact information is available here. Monitor for updates.
CVE-2015-3765
Technical details about CVE-2015-3765 are not publicly available in the provided documents; no affected product versions, root cause, or remediation are disclosed. Monitor for updates from official sources.
CVE-2015-3667
CVE-2015-3667 affects Apple QuickTime's QT Media Foundation (before 7.7.7) used in OS X pre-10.10.4. The vulnerability is a memory corruption flaw in processing MP4/box structures (notably the stbl box) that can be triggered by a crafted file, potentially allowing remote code execution or a denia...
CVE-2015-5751
Technical details about CVE-2015-5751 are not publicly available in the provided documents. No vendor/version-specific information or exploit details are given here. Monitor for official updates from Apple and vulnerability databases.
CVE-2015-7087
Technical details about CVE-2015-7087 are not publicly provided in the supplied documents. Connected EUVD entries describe malware in sbrugna but do not elaborate this CVE. Monitor for updates.
CVE-2014-1245
Apple QuickTime before 7.7.5 contains a vulnerability in the processing of the stsz atom within movie files. This can allow remote code execution or a crash when a crafted stsz value is processed in a QuickTime viewing context. Exploitation requirements include user interaction (per ZDI advisory)...
CVE-2010-3792
CVE-2010-3792 is a QuickTime vulnerability in MPEG-encoded movie file handling. A signedness error in QuickTime’s MPEG parsing could allow either an application crash or arbitrary code execution when processing a crafted movie file. The issue affected Mac OS X and related QuickTime components pri...
CVE-2014-1250
CVE-2014-1250 affects Apple QuickTime prior to 7.7.5. The issue is described as an out-of-bounds memory access caused by improper byte-swapping in the ttfo element of a movie file, enabling remote code execution or a crash. The connected sources corroborate QuickTime-related vulnerabilities and l...
CVE-2015-7089
Technical details are not provided in the connected documents. No public specifics about affected product, root cause, impact, or fixes are included. Monitor for updates.
CVE-2005-4092
Summary of CVE-2005-4092 and related advisories: This issue is a heap-based overflow in Apple QuickTime/iTunes involving QuickTime.qts, exploitable via crafted QuickTime movie files. The vulnerabilities concern the handling of the Movie Resource atom with a large size and the STSD (Sample Descri...
CVE-2011-0251
CVE-2011-0251 is an Apple QuickTime STSZ atom parsing vulnerability that causes a heap-based buffer overflow, enabling remote code execution or a crash when processing crafted QuickTime Movie files. The flaw exists in QuickTime prior to 7.7 and stems from handling of STSZ atoms, per ZDI advisorie...
CVE-2011-3249
CVE-2011-3249 involves a buffer overflow in Apple QuickTime prior to version 7.7.1. A crafted movie file using the FLC encoding can be used by a remote attacker to trigger arbitrary code execution or cause a denial of service (application crash). The vulnerability is reported as highly impactful...
CVE-2014-1243
Apple QuickTime before 7.7.5 is affected by CVE-2014-1243 due to an uninitialized pointer in track list handling, allowing remote arbitrary code execution or a crash when processing crafted movie files. Exploitation is described in multiple sources (e.g., ZDI-14-044 states a nam atom parsing flaw...
CVE-2014-1244
Apple QuickTime contains a buffer overflow in the H.264 handling path that can allow remote code execution or denial of service when processing a crafted movie file, affecting QuickTime versions prior to 7.7.5 (Windows). The issue is one of multiple vulnerabilities described for QuickTime fixed i...
CVE-2015-7085
Technical details for CVE-2015-7085 are not publicly available in the provided documents. No specifics on affected products, root cause, or remediation are listed. Monitor for updates.
CVE-2005-2743
CVE-2005-2743 affects Apple Mac OS X 10.3.9 and earlier where Java extensions for QuickTime (version 6.52 and earlier) allow untrusted applets to call arbitrary functions in system libraries, enabling remote code execution. The root cause is a flaw in the Java extensions integration with QuickTim...
CVE-2007-5045
CVE-2007-5045 describes an argument injection in Apple QuickTime 7.1.5 and earlier when used with Mozilla Firefox
CVE-2010-1818
CVE-2010-1818 affects Apple QuickTime QTPlugin.ocx (QuickTime 6.x and 7.x before 7.6.8). The vulnerability arises from an input validation error in the _Marshaled_pUnk parameter, triggering unmarshalling of an untrusted pointer and allowing remote code execution with the user’s privileges. Public...
CVE-2007-0462
The CVE-2007-0462 entry concerns Apple QuickDraw (used by QuickTime 7.1.3 and other apps on Mac OS X 10.4.8 and earlier) with a memory corruption vulnerability in the _GetSrcBits32ARGB function. A crafted PICT image containing a malformed Alpha RGB (ARGB) record can trigger memory corruption, lea...
CVE-2007-6166
CVE-2007-6166 is a stack-based buffer overflow in Apple QuickTime
CVE-2008-0234
CVE-2008-0234 concerns a buffer overflow in Apple QuickTime Player (notably 7.3.1.70 and older than 7.4.1) when RTSP tunneling is enabled. A long Reason-Phrase in an RTSP response (e.g., via a crafted 404 message) can allow a remote attacker to execute arbitrary code on affected systems (Mac OS X...
CVE-2010-3790
CVE-2010-3790 affects Apple QuickTime on Mac OS X, where a crafted QuickTime movie file can trigger a memory corruption/buffer overrun during parsing of a matrix structure in a PICT/RIFF context, allowing remote code execution or a crash. The flaw can be exploited by simply opening or viewing a m...
CVE-2011-0187
CVE-2011-0187 affects Mac OS X via the CoreMedia/QuickTime path: a cross-origin redirect in CoreMedia could bypass Same Origin Policy and allow access to potentially sensitive video data. The public details in connected docs indicate this is tied to OS X Lion/QuickTime/CoreMedia components, with ...
CVE-2011-0257
CVE-2011-0257 affects Apple QuickTime prior to 7.7. It stems from an integer signedness error in processing PICT PnSize, triggering a stack-based buffer overflow via a crafted PnSize opcode in a PICT file. Consequences documented: remote code execution or a denial of service (application crash). ...
CVE-2015-7088
CVE-2015-7088 concerns Apple QuickTime before 7.7.9, where a crafted movie file can cause remote code execution or memory corruption leading to a denial of service. The description notes this is a separate vulnerability from CVE-2015-7085/7086/7087/7089/7090/7091/7092/7117. Exploitation details o...
CVE-2009-2798
CVE-2009-2798 describes a heap-based buffer overflow in Apple QuickTime before 7.6.4 triggered by parsing a crafted FlashPix (.fpx) file. The flaw occurs during handling of sector-related fields, where multiplication of two 32-bit values leads to an undersized heap allocation, allowing a remote a...
CVE-2011-0258
CVE-2011-0258 affects Apple QuickTime on Windows. The vulnerability arises in the handling of the mp4v atom within movie files, where an improper allocation/size checking leads to memory corruption and potential remote code execution. Exploitation would require user interaction (e.g., opening a c...
CVE-2012-0669
Apple QuickTime on Windows (CVE-2012-0669) has a remote code execution vulnerability in parsing Sorenson SVQ3 streams. The flaw can cause arbitrary code execution via a crafted movie file; exploit requires user interaction (e.g., opening a malicious file or visiting a malicious page). The issue i...