246 matches found
CVE-2005-2743
CVE-2005-2743 affects Apple Mac OS X 10.3.9 and earlier where Java extensions for QuickTime (version 6.52 and earlier) allow untrusted applets to call arbitrary functions in system libraries, enabling remote code execution. The root cause is a flaw in the Java extensions integration with QuickTim...
CVE-2007-5045
CVE-2007-5045 describes an argument injection in Apple QuickTime 7.1.5 and earlier when used with Mozilla Firefox
CVE-2008-3626
Apple QuickTime prior to 7.5.5 is affected by a memory-corruption vulnerability in CallComponentFunctionWithStorage when handling large entries in the STSZ atoms’ sample_size_table. A crafted movie file can allow remote attackers to execute arbitrary code or cause a denial of service. The issue a...
CVE-2009-0007
Summary (CVE-2009-0007) : Apple QuickTime contains a heap-based buffer/memory corruption in the handling of JPEG atoms embedded in STSD atoms within QuickTime movie files. The flaw occurs due to lack of boundary checks when processing these JPEG atoms, allowing a remote attacker to cause a crash ...
CVE-2010-3790
CVE-2010-3790 affects Apple QuickTime on Mac OS X, where a crafted QuickTime movie file can trigger a memory corruption/buffer overrun during parsing of a matrix structure in a PICT/RIFF context, allowing remote code execution or a crash. The flaw can be exploited by simply opening or viewing a m...
CVE-2015-3790
Technical details specific to CVE-2015-3790 are not publicly available in the provided Connected documents. Available entries reference Malware in sbrugna for EUVD items but do not reveal affected products, versions, impact or remediation for this CVE. Monitor for updates.
CVE-2007-4707
CVE-2007-4707 concerns Apple QuickTime before 7.3.1, where the Flash media handler contains multiple vulnerabilities that can be exploited by a crafted QuickTime movie to remotely execute arbitrary code. Affected product: QuickTime (Windows and Mac OS X) prior to 7.3.1; vulnerability class is des...
CVE-2009-2798
CVE-2009-2798 describes a heap-based buffer overflow in Apple QuickTime before 7.6.4 triggered by parsing a crafted FlashPix (.fpx) file. The flaw occurs during handling of sector-related fields, where multiplication of two 32-bit values leads to an undersized heap allocation, allowing a remote a...
CVE-2013-1019
CVE-2013-1019 is a vulnerability in Apple QuickTime’s handling of Sorenson-encoded movie data. According to the ZDI advisory (ZDI-13-118), processing a malformed Sorenson Video 3 mdat section in a QuickTime movie can enable remote code execution on vulnerable QuickTime implementations, with user ...
CVE-2015-3789
QuickTime 7 in Apple OS X before 10.10.5 is vulnerable to memory-corruption via a crafted file, enabling remote arbitrary code execution or a denial-of-service (application crash). The vulnerability is addressed in Apple’s response with OS X 10.10.5 updates and related security bulletins (HT20503...
CVE-2007-6166
CVE-2007-6166 is a stack-based buffer overflow in Apple QuickTime
CVE-2008-1581
Apple QuickTime for Windows prior to 7.5 is affected by a heap-based buffer overflow in the PixData structure used when processing PICT images, allowing remote attackers to crash the player and potentially execute arbitrary code via crafted PICT content. Multiple sources corroborate a set of rela...
CVE-2008-3614
Apple QuickTime for Windows before 7.5.5 is vulnerable to an integer overflow in PICT parsing, causing heap corruption that can enable remote code execution or an application crash when presented with a crafted PICT image. Affected product: QuickTime on Windows; root cause: heap corruption from P...
CVE-2009-2203
The CVE-2009-2203 entry describes a buffer overflow in Apple QuickTime prior to 7.6.4 triggered by parsing MPEG-4 video files, which could allow remote code execution or cause a application crash/DoS. Apple released QuickTime 7.6.4 to address this issue (bounds checking improvements).
CVE-2010-3791
CVE-2010-3791 affects Apple QuickTime on Mac OS X 10.6.x prior to 10.6.5. It is a buffer overflow in QuickTime’s handling of MPEG-encoded movie files, which could allow a remote attacker to cause an application crash or execute arbitrary code. The documented remediation is to apply Mac OS X 10.6....
CVE-2010-3801
CVE-2010-3801 affects Apple QuickTime prior to 7.6.9. A crafted FlashPix file can cause memory corruption leading to remote code execution or a denial of service. The issue is addressed by QuickTime/Apple security updates; Apple cites QuickTime 7.6.9 as the fix for Mac OS X (and related Security ...
CVE-2014-1251
Apple QuickTime (Windows) before 7.7.5 is affected by a buffer overflow in the parsing of the clef atom within movie files. The underlying issue is a malformed clef atom that can overflow an allocated buffer, enabling either remote code execution or application crash when a user opens a crafted f...
CVE-2015-3664
CVE-2015-3664 affects Apple QuickTime’s QT Media Foundation. Vulnerable component: QuickTime before version 7.7.7. Issue: memory corruption/remote code execution when processing specially crafted files. The related CVE family (including 3665, 3669) share similar memory‑corruption vectors in Quick...
CVE-2015-5786
Apple QuickTime before 7.7.8 is affected by CVE-2015-5786, where a crafted file can cause memory corruption, enabling remote code execution or a denial of service (application crash). This entry references multiple related CVEs (e.g., CVE-2015-5785) and confirms the vulnerability class as memory ...
CVE-2015-7091
Technical details about CVE-2015-7091 are not publicly provided in the supplied documents; no affected versions, root cause, or fixes are disclosed. Monitor for updates.
CVE-2015-7092
Apple QuickTime before 7.7.9 is vulnerable to remote code execution or denial of service via a crafted TXXX frame in an MP3 ID3 tag inside a movie file, caused by a heap-based buffer overflow in ID3/TXXX processing. No exploitation details or patches are provided in the documents. References: ZDI...
CVE-2004-0921
CVE-2004-0921 affects AFP Server on Mac OS X 10.3.x–10.3.5. When a guest has an AFP volume mounted, they can terminate authenticated user mounts via modified SessionDestroy packets, enabling partial impact to confidentiality, integrity, and availability. Connected sources corroborate the affected...
CVE-2005-2753
CVE-2005-2753 affects Apple QuickTime prior to 7.0.3. An integer overflow in parsing MOV files causes a sign-extension error in a Pascal-style string, enabling user-assisted or remote code execution when a crafted MOV is opened. Impact is remote code execution with the attacker’s code running wit...
CVE-2006-1461
Apple QuickTime before 7.1 is affected by multiple buffer overflows that can allow remote code execution via a crafted QuickTime SWF/file, across Windows and Mac OS X. The issues arise from various integer- and buffer-overflow vulnerabilities in QuickTime’s handling of image/media formats; exploi...
CVE-2007-0015
A buffer overflow in Apple QuickTime 7.1.3’s RTSP URL handling can allow remote code execution via a specially crafted long rtsp:// URI. The issue affects QuickTime’s RTSP URL handler (on affected QuickTime/macOS and Windows environments), enabling arbitrary code execution in the context of the l...
CVE-2007-0718
CVE-2007-0718 describes a heap-based buffer overflow in Apple QuickTime prior to 7.1.5 when processing QTIF files. If a Video Sample Description contains a Color table ID of 0, QuickTime expects a color table post-description and performs a memory swap on memory that may not be part of the heap b...
CVE-2007-3750
CVE-2007-3750 : Heap-based buffer overflow in Apple QuickTime prior to 7.3. The flaw occurs when parsing the Sample Table Sample Descriptor (STSD) atom in QuickTime movie files, allowing a remote attacker to execute arbitrary code. Exploitation described as requiring the user to open a crafted Qu...
CVE-2009-0001
Apple QuickTime before 7.6 is vulnerable to a heap-based buffer overflow triggered by processing crafted RTSP URLs, potentially allowing remote code execution or application termination. Remediation: update to Apple QuickTime 7.6 or newer (per cited advisories).
CVE-2011-0246
CVE-2011-0246 refers to a heap-based buffer overflow in Apple QuickTime on Windows prior to version 7.7, triggered by processing a crafted GIF file. The vulnerability can allow remote code execution or cause an application crash (DoS). The NVD entry confirms the GIF-based overflow as the vector, ...
CVE-2015-5753
Technical details (affected products, vulnerable components, exploit scenarios, or patches) are not provided in the connected documents. The CVE entry description alone does not reveal concrete technical details. Monitor for updates from official sources.
CVE-2015-5785
Apple QuickTime
CVE-2001-0198
The CVE-2001-0198 issue affects the QuickTime Player plugin 4.1.2 (Japanese). The root cause is a buffer overflow caused by a long HREF parameter in an EMBED tag, allowing remote attackers to execute arbitrary commands. Public references describe a remote buffer overflow exploit via a crafted HTM...
CVE-2006-1453
CVE-2006-1453 affects Apple QuickTime before 7.1. It is a stack-based/buffer overflow in QuickDraw PICT image format support that lets remote attackers execute arbitrary code via a crafted image containing malformed font information. The connected documents specify that QuickTime 7.1 (Mac/Windows...
CVE-2011-0209
CVE-2011-0209 : An integer overflow in QuickTime’s handling of RIFF WAV files on Mac OS X before 10.6.8 can be exploited remotely to achieve arbitrary code execution or cause a denial of service (application crash) via a crafted WAV file. The issue is documented in the Apple advisory and is addre...
CVE-2011-0250
CVE-2011-0250 is a vulnerability in Apple QuickTime where a heap-based buffer overflow occurs in the STSS atom handling of QuickTime movie files, allowing remote code execution or application crash. The ZDI advisory confirms the flaw can be exploited via remote interaction (the target visits a ma...
CVE-2011-3428
CVE-2011-3428 concerns a buffer overflow in Apple QuickTime for Windows prior to version 7.7.1 . The vulnerability allows a remote attacker to execute arbitrary code on affected systems via the QuickTime player. The root cause is a buffer overflow in Windows builds of QuickTime, with the impact s...
CVE-2012-0670
Apple QuickTime is affected by CVE-2012-0670 due to an integer overflow in the handling of the 'sean' atom in movie files, affecting QuickTime prior to 7.7.2. The vulnerability allows remote code execution or a crash when a crafted file is opened. According to ZDI, Apple issued an update (HT5261)...
CVE-2012-3757
CVE-2012-3757 affects Apple QuickTime before 7.7.3. The root cause is memory corruption in the handling of PICT files, allowing remote code execution or a denial of service when a crafted PICT file is opened. Exploitation requires a user to open a malicious file; impact could be full user rights ...
CVE-2015-3663
CVE-2015-3663 affects Apple QuickTime’s QT Media Foundation and is exploitable via a crafted file that can trigger memory corruption, potentially allowing remote code execution or a denial of service. Affected: QuickTime before 7.7.7 (on OS X prior to 10.10.4 and other products). Root cause is me...
CVE-2015-7117
Technical details for CVE-2015-7117 are not publicly available in the provided documents. No information on affected product/version, root cause, or remediation is present here. Monitor for updates from official advisories; connected EUVD entries appear unrelated.
CVE-2003-0168
CVE-2003-0168 describes a buffer overflow in Apple QuickTime Player for Windows (versions 5.x and 6.0) triggered by processing overly long QuickTime URLs, allowing remote arbitrary code execution. The issue affects the Windows QuickTime Player, not the Mac versions. Vendor guidance: upgrade to Qu...
CVE-2005-2754
CVE-2005-2754 refers to an integer overflow in Apple QuickTime before 7.0.3 that can enable remote code execution when a crafted MOV file with “Improper movie attributes” is loaded. The issue is documented across multiple sources as affecting QuickTime on Mac OS X and Windows, with the overflow p...
CVE-2005-2756
CVE-2005-2756 corresponds to a buffer overflow in Apple QuickTime PictureViewer that allows remote code execution when processing crafted PICT data. Affected: QuickTime before 7.0.3 (Mac and Windows). Root cause: lack of input validation during decompression of compressed PICT data, causing memor...
CVE-2005-3713
Apple QuickTime before 7.0.4 is affected by a heap-based buffer overflow triggered by a crafted GIF image containing a Netscape Navigator Application Extension Block. The overflow modifies the heap in the Picture Modifier block and can allow remote attackers to execute arbitrary code. Vendors doc...
CVE-2008-3628
Summary: CVE-2008-3628 affects Apple QuickTime for Windows prior to 7.5.5. The issue is an invalid pointer in QuickTime’s handling of PICT images, which can allow remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected product/behavior: Apple QuickTim...
CVE-2009-0951
CVE-2009-0951 is a heap-based overflow in Apple QuickTime
CVE-2010-0529
Apple QuickTime (Windows) is affected by a heap-based buffer overflow in QuickTime.qts when parsing a PICT image using the BkPixPat opcode (0x12). The flaw exists in Apple QuickTime before version 7.6.6, and can allow remote code execution or a denial of service via crafted images. Exploitation r...
CVE-2011-0186
CVE-2011-0186 affects Apple QuickTime on Mac OS X, where memory corruption in JPEG2000 handling could allow remote arbitrary code execution or a crash. The issue is tied to QuickTime’s JPEG2000 processing and is listed with a base score of 4.3 (Medium). Public docs indicate that Apple addressed r...
CVE-2011-0252
CVE-2011-0252 is a QuickTime vulnerability where a heap-based buffer overflow can be triggered by crafted STTS atoms in QuickTime movie files, allowing remote code execution. The issue arises from handling of invalid Time-To-Sample values, which can overflow a heap counter and compromise the proc...
CVE-2011-0256
Apple QuickTime contains an integer overflow in the handling of the TRUN atom (sampleCount) that can be triggered by crafted track run atoms in QuickTime movie files, impacting QuickTime before version 7.7. Exploitation could allow remote code execution or a denial of service (application crash) ...