Lucene search
K
AppleQuicktime

247 matches found

CVE
CVE
added 2010/03/31 6:0 p.m.63 views

CVE-2010-0529

Apple QuickTime (Windows) is affected by a heap-based buffer overflow in QuickTime.qts when parsing a PICT image using the BkPixPat opcode (0x12). The flaw exists in Apple QuickTime before version 7.6.6, and can allow remote code execution or a denial of service via crafted images. Exploitation r...

9.3CVSS8.1AI score0.12199EPSS
CVE
CVE
added 2011/03/23 1:0 a.m.63 views

CVE-2011-0186

CVE-2011-0186 affects Apple QuickTime on Mac OS X, where memory corruption in JPEG2000 handling could allow remote arbitrary code execution or a crash. The issue is tied to QuickTime’s JPEG2000 processing and is listed with a base score of 4.3 (Medium). Public docs indicate that Apple addressed r...

4.3CVSS6.8AI score0.02606EPSS
CVE
CVE
added 2011/08/04 1:0 a.m.63 views

CVE-2011-0252

CVE-2011-0252 is a QuickTime vulnerability where a heap-based buffer overflow can be triggered by crafted STTS atoms in QuickTime movie files, allowing remote code execution. The issue arises from handling of invalid Time-To-Sample values, which can overflow a heap counter and compromise the proc...

9.3CVSS8.7AI score0.05084EPSS
CVE
CVE
added 2011/08/15 9:0 p.m.63 views

CVE-2011-0256

Apple QuickTime contains an integer overflow in the handling of the TRUN atom (sampleCount) that can be triggered by crafted track run atoms in QuickTime movie files, impacting QuickTime before version 7.7. Exploitation could allow remote code execution or a denial of service (application crash) ...

9.3CVSS7.8AI score0.03682EPSS
CVE
CVE
added 2012/11/09 7:0 p.m.63 views

CVE-2012-3755

Apple QuickTime contains a buffer overflow in the handling of Targa image files, affecting versions before 7.7.3. Successful exploitation can lead to arbitrary code execution or application crash. Remediation: upgrade to QuickTime 7.7.3 as per Apple advisory APPLE-SA-2012-11-07-1.

9.3CVSS7.8AI score0.10176EPSS
CVE
CVE
added 2014/02/27 1:0 a.m.63 views

CVE-2014-1248

CVE-2014-1248 affects Apple QuickTime prior to 7.7.5. A buffer overflow in the handling of the ldat atom in movie files can allow remote code execution or cause an application crash (DoS). Mitigation: apply QuickTime 7.7.5 or later updates where this issue was addressed. Exploitation details are ...

9.3CVSS7.7AI score0.04072EPSS
CVE
CVE
added 2015/07/03 1:0 a.m.63 views

CVE-2015-3662

CVE-2015-3662 affects the QT Media Foundation in Apple QuickTime up to version 7.7.7 (and is used in OS X prior to 10.10.4, among other products). The vulnerability allows remote attackers to trigger arbitrary code execution or cause a denial of service via a crafted file, due to a memory corrupt...

6.8CVSS5.2AI score0.03119EPSS
CVE
CVE
added 2015/07/03 1:0 a.m.63 views

CVE-2015-3665

Apple QuickTime QT Media Foundation is affected by memory corruption vulnerabilities in versions prior to 7.7.7, allowing remote attackers to execute arbitrary code or cause denial of service via specially crafted files. CVE-2015-3665 (and related CVEs) are tied to these issues. Affected componen...

6.8CVSS7.5AI score0.02904EPSS
CVE
CVE
added 2015/07/03 1:0 a.m.63 views

CVE-2015-3713

CVE-2015-3713 – Apple QuickTime memory corruption in OS X pre-10.10.4. The vulnerability exists in QuickTime handling of crafted movie files, enabling a remote attacker to cause a crash or run arbitrary code by processing a malicious file. Affected product: Mac OS X with QuickTime prior to 10.10....

6.8CVSS5.2AI score0.02922EPSS
CVE
CVE
added 2005/11/05 11:0 a.m.62 views

CVE-2005-2755

The CVE-2005-2755 entry concerns Apple QuickTime Player prior to 7.0.3. The vulnerability is triggered by a crafted file containing a missing movie attribute, which leads to a NULL pointer dereference and causes a denial-of-service crash. Affected product: QuickTime Player (macOS/Windows), versio...

2.6CVSS5.9AI score0.01763EPSS
CVE
CVE
added 2007/03/05 10:0 p.m.62 views

CVE-2007-0713

Apple QuickTime before 7.1.5 contains a heap-based buffer overflow in the handling of QuickTime movie files, allowing remote user-assisted attackers to crash the player and potentially execute arbitrary code. The vulnerability is triggered by specially crafted media files. Remediation is to upgra...

5.8CVSS7.6AI score0.06095EPSS
CVE
CVE
added 2008/09/10 4:0 p.m.62 views

CVE-2008-3624

CVE-2008-3624 describes a heap-based buffer overflow in Apple QuickTime before 7.5.5 triggered by crafted QTVR panorama atoms in QuickTime movie files. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected product is QuickTi...

6.8CVSS7.9AI score0.03012EPSS
CVE
CVE
added 2009/09/10 9:0 p.m.62 views

CVE-2009-2202

Apple QuickTime vulnerability CVE-2009-2202 exists in QuickTime’s handling of H.264 movie files and can allow remote code execution or a denial of service via memory corruption. In the OpenVAS/Nessus entries, the affected product is QuickTime on Mac OS X (and QuickTime on Windows), with the root ...

9.3CVSS7.8AI score0.04937EPSS
CVE
CVE
added 2010/11/16 9:0 p.m.62 views

CVE-2010-3789

The CVE-2010-3789 issue affects QuickTime on Mac OS X (specifically Mac OS X 10.6.x prior to 10.6.5). It is a memory corruption vulnerability in QuickTime’s handling of AVI files that could allow arbitrary code execution or cause a denial of service through application crash. The underlying cause...

6.8CVSS9.2AI score0.029EPSS
CVE
CVE
added 2012/05/16 1:0 a.m.62 views

CVE-2012-0665

CVE-2012-0665 describes a heap-based buffer overflow in Apple QuickTime’s H.264 movie handling (specifically in the AVCC header logic) that can allow remote code execution when processing a crafted movie file. The issue affects vulnerable QuickTime versions prior to 7.7.2 and can be exploited wit...

9.3CVSS7.9AI score0.04057EPSS
CVE
CVE
added 2012/11/09 7:0 p.m.62 views

CVE-2012-3751

CVE-2012-3751 (Apple QuickTime) : A use-after-free in the QuickTime plugin’s handling of qtactivex parameters within an HTML OBJECT can allow remote code execution or crash the application. Affected: Apple QuickTime before 7.7.3. Exploitation vector: crafted HTML document. Mitigation: upgrade to ...

9.3CVSS7.5AI score0.04365EPSS
CVE
CVE
added 2013/05/24 10:0 a.m.62 views

CVE-2013-1022

CVE-2013-1022 is a buffer overflow in Apple QuickTime before 7.7.4 triggered by crafted mvhd atoms in movie files, potentially allowing arbitrary code execution or a crash. Affected products linked in public advisories include QuickTime on Windows; Apple-SA-2013-05-22-1 describes QuickTime 7.7.4 ...

9.3CVSS7.8AI score0.04954EPSS
CVE
CVE
added 2014/02/27 1:0 a.m.62 views

CVE-2014-1247

CVE-2014-1247 affects Apple QuickTime prior to 7.7.5. A flaw in handling of dref atoms (as described in ZDI-14-046) can allow remote code execution or memory corruption when a user opens a crafted movie file or visits a malicious page; user interaction is required. Impact is execution of arbitrar...

9.3CVSS7.7AI score0.03514EPSS
CVE
CVE
added 2006/09/12 11:0 p.m.61 views

CVE-2006-4386

CVE-2006-4386 affects Apple QuickTime prior to 7.1.3. The issue is an integer overflow in the H.264 processing path that can be triggered by a crafted H.264 movie. This vulnerability allows an attacker to execute arbitrary code on a vulnerable host and requires user assistance to trigger. Affecte...

5.1CVSS7.2AI score0.05851EPSS
CVE
CVE
added 2009/01/21 8:0 p.m.61 views

CVE-2009-0005

CVE-2009-0005 concerns Apple QuickTime before 7.6. The vulnerability is described as memory corruption triggered by a crafted H.263-encoded movie file, allowing remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code. Several OpenVAS/Nessus entr...

9.3CVSS7.6AI score0.04459EPSS
CVE
CVE
added 2009/06/02 6:0 p.m.61 views

CVE-2009-0952

CVE-2009-0952 refers to a buffer overflow in Apple QuickTime before 7.6.2 triggered by parsing a crafted PSD image, allowing remote code execution or a denial of service. Affected product: Apple QuickTime (Windows and Mac). Root cause: overflow in PSD image handling during header copy/size valida...

9.3CVSS7.8AI score0.04756EPSS
CVE
CVE
added 2010/12/09 7:0 p.m.61 views

CVE-2010-3800

CVE-2010-3800 affects Apple QuickTime prior to 7.6.9, where a memory corruption in handling PICT files can lead to arbitrary code execution or a crash. The issue arises from inadequate validation during PICT processing, enabling remote exploitation. Apple released patches addressing this in Quick...

9.3CVSS7.7AI score0.04937EPSS
CVE
CVE
added 2011/08/04 1:0 a.m.61 views

CVE-2011-0248

CVE-2011-0248 : Stack-based buffer overflow in the QuickTime ActiveX control of Apple QuickTime on Windows (pre-7.7) when using Internet Explorer, exploitable via a crafted QTL file to execute arbitrary code or cause a crash. The connected Red Hat (RH:CVE-2011-0248) and ZDI advisories describe th...

9.3CVSS7.9AI score0.0302EPSS
CVE
CVE
added 2012/11/09 7:0 p.m.61 views

CVE-2011-1374

CVE-2011-1374 refers to a buffer overflow in Apple QuickTime prior to 7.7.3, affecting Windows. The root cause is improper handling of REGION records in PICT files, leading to potential remote code execution or application crash (denial of service). The affected product is Apple QuickTime for Win...

9.3CVSS7.8AI score0.04997EPSS
CVE
CVE
added 2011/10/28 1:0 a.m.61 views

CVE-2011-3248

CVE-2011-3248 affects Apple QuickTime (pre-7.7.1). A signedness error in the handling of font tables embedded in QuickTime movie files can be exploited by a crafted file to cause a remote code execution or application crash. The vulnerability is documented in ZDI-12-005 and tracked publicly with ...

9.3CVSS7.2AI score0.04524EPSS
CVE
CVE
added 2013/05/24 10:0 a.m.61 views

CVE-2013-0987

CVE-2013-0987 affects Apple QuickTime, with a memory corruption flaw in the handling of QTIF files that could allow remote code execution or a crash. The vulnerability is listed across multiple OpenVAS entries for Apple QuickTime/QuickTime Player (Mac OS X and Windows) and is tied to QuickTime’s ...

9.3CVSS7.5AI score0.03372EPSS
CVE
CVE
added 2016/01/09 2:0 a.m.61 views

CVE-2015-7090

CVE-2015-7090 affects Apple QuickTime prior to 7.7.9. The vulnerability allows remote attackers to trigger memory corruption via a crafted movie file, potentially leading to arbitrary code execution or a denial of service (application crash). This is a separate issue from related CVEs (CVE-2015-7...

6.8CVSS7.1AI score0.01648EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.60 views

CVE-2002-0252

CVE-2002-0252 affects Apple QuickTime Player 5.01 and 5.02. A buffer overflow is triggered by a remote web server sending a response with a long Content-Type MIME header, allowing arbitrary code execution. The vulnerability is tied to the Content-Type handling in the RTSP/HTTP response parsing. E...

7.5CVSS7.5AI score0.10536EPSS
Web
CVE
CVE
added 2006/01/11 6:0 p.m.60 views

CVE-2005-3708

CVE-2005-3708 describes an integer overflow in Apple QuickTime prior to 7.0.4, triggered by crafted TGA image files. The vulnerability allows remote code execution by exploiting the QuickTime image parsing path, as documented across multiple sources (NVD entry for CVE-2005-3708 and CERT advisorie...

7.5CVSS7.5AI score0.03165EPSS
CVE
CVE
added 2006/01/11 6:0 p.m.60 views

CVE-2005-3711

Apple QuickTime

7.5CVSS7.5AI score0.04052EPSS
CVE
CVE
added 2006/05/12 8:0 p.m.60 views

CVE-2006-1464

CVE-2006-1464 is a buffer overflow in Apple QuickTime before 7.1 that enables a remote attacker to execute arbitrary code by supplying a crafted MPEG-4 (M4P) video file. The CERT entry corroborates that both Mac OS X and Windows QuickTime installations are affected, with the vulnerability trigger...

5.1CVSS7.4AI score0.06669EPSS
CVE
CVE
added 2006/09/12 11:0 p.m.60 views

CVE-2006-4381

Apple QuickTime versions before 7.1.3 are affected by multiple integer/buffer overflow vulnerabilities in the H.264 processing path. A crafted H.264 movie (or other crafted media) can lead to remote code execution with the user’s privileges, typically via user interaction (opening a malicious fil...

5.1CVSS7.3AI score0.04298EPSS
CVE
CVE
added 2007/05/29 9:0 p.m.60 views

CVE-2007-2388

CVE-2007-2388 affects Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The vulnerability arises from improper restriction of QTObject subclassing, allowing a remote attacker to execute arbitrary code via a web page that uses a user-defined class accessing unsafe functions to write to arbit...

9.3CVSS7.4AI score0.05972EPSS
CVE
CVE
added 2007/05/29 9:0 p.m.60 views

CVE-2007-2389

CVE-2007-2389 concerns Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The root cause is that QuickTime for Java does not clear memory before use, potentially allowing a remote attacker to read memory from a web browser via Java applets. Impact is memory disclosure from the browser contex...

7.1CVSS6AI score0.02786EPSS
CVE
CVE
added 2007/10/04 11:0 p.m.60 views

CVE-2007-4673

CVE-2007-4673 is an argument-injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista. The issue allows remote attackers to execute arbitrary commands via a URL contained in the qtnext field of a crafted QuickTime QTL file. The description notes potential relation to CVE-2006-4...

9.3CVSS7.3AI score0.02407EPSS
CVE
CVE
added 2008/04/04 5:0 p.m.60 views

CVE-2008-1016

CVE-2008-1016 concerns Apple QuickTime before 7.4.5. The flaw is in how QuickTime handles movie media tracks, causing memory corruption that can be triggered by a crafted movie file. Remote attackers could potentially execute arbitrary code or cause a crash when a user opens such a file. The vuln...

6.8CVSS7.2AI score0.04015EPSS
CVE
CVE
added 2008/04/04 5:0 p.m.60 views

CVE-2008-1018

CVE-2008-1018 is a heap-based overflow in Apple QuickTime parsing of the MP4A atom (chan) that allows remote code execution when a malformed QuickTime movie is opened. Affected product: Apple QuickTime before 7.4.5. Root cause: heap corruption in Channel Compositor atom parsing. Impact: arbitrary...

6.8CVSS7.6AI score0.05728EPSS
CVE
CVE
added 2008/04/04 5:0 p.m.60 views

CVE-2008-1019

Apple QuickTime (QuickTime.qts) prior to 7.4.5 contains a heap-based buffer overflow in PICT record parsing due to an improperly terminated memory copy loop. A crafted PICT image file can trigger remote code execution in the QuickTime process. Affected product/version: Apple QuickTime before 7.4....

6.8CVSS7.5AI score0.06947EPSS
CVE
CVE
added 2009/01/21 8:0 p.m.60 views

CVE-2009-0002

CVE-2009-0002 is a heap-based buffer overflow in Apple QuickTime prior to 7.6 triggered by processing THKD atoms in QTVR movie files. Remote attackers could cause a denial of service and, in some cases, arbitrary code execution. Affected: QuickTime on Mac OS X and Windows (versions older than 7.6...

9.3CVSS7.9AI score0.07924EPSS
CVE
CVE
added 2009/06/02 6:0 p.m.60 views

CVE-2009-0955

CVE-2009-0955 affects Apple QuickTime prior to 7.6.2 due to a sign-extension vulnerability in the Image Description Atom handling for Apple Video files. A remote attacker could entice a user to open a crafted QuickTime movie, triggering a memory corruption flaw that may lead to arbitrary code exe...

9.3CVSS7.7AI score0.09497EPSS
CVE
CVE
added 2009/09/10 9:0 p.m.60 views

CVE-2009-2799

Apple QuickTime is affected by CVE-2009-2799 (heap-based buffer overflow) due to how H.264 movie files are processed. The vulnerability can allow remote code execution or a denial-of-service condition (crash) when a crafted H.264 file is opened. Affected product is QuickTime on macOS; remediation...

9.3CVSS7.7AI score0.05718EPSS
CVE
CVE
added 2010/08/16 6:25 p.m.60 views

CVE-2010-1799

CVE-2010-1799 describes a stack-based buffer overflow in Apple QuickTime’s error-logging path on Windows, exploitable via a crafted SMIL/movie file to execute arbitrary code or cause a denial of service. Affected product/version: Apple QuickTime before 7.6.7 (Windows). Root cause: boundary/stack ...

9.3CVSS8AI score0.33701EPSS
Web
CVE
CVE
added 2010/12/09 7:0 p.m.60 views

CVE-2010-4009

CVE-2010-4009 affects Apple QuickTime prior to 7.6.9. An integer overflow in QuickTime’s handling of movie files can allow a remote attacker to execute arbitrary code or crash the application. Impact is rated high (AV:N/AC:M/Au:N/C:C/I:C/A:C). Remediation: upgrade to QuickTime 7.6.9 or later as r...

9.3CVSS6.6AI score0.04882EPSS
CVE
CVE
added 2011/06/24 8:0 p.m.60 views

CVE-2011-0211

CVE-2011-0211: Integer overflow in QuickTime’s handling of audio channels in QuickTime movie files on Mac OS X before 10.6.8. This can allow remote code execution or an application crash via a crafted movie file. Affected: Mac OS X versions prior to 10.6.8. Mitigation: update to Mac OS X 10.6.8 o...

6.8CVSS6.2AI score0.02924EPSS
CVE
CVE
added 2011/06/24 8:0 p.m.60 views

CVE-2011-0213

Apple QuickTime contains multiple CVEs including CVE-2011-0213. The issue is a buffer overflow in QuickTime’s JPEG handling that can cause application termination or arbitrary code execution when processing a crafted JPEG, with impact on Mac OS X and Windows. For Mac OS X, Apple states the issue ...

6.8CVSS6.2AI score0.0332EPSS
CVE
CVE
added 2012/05/16 1:0 a.m.60 views

CVE-2012-0666

The CVE-2012-0666 entry is confirmed to have concrete technical details in connected documents: Apple QuickTime on Windows contains a stack-based buffer overflow in the QuickTime plugin (QTPluginControl::SetLanguage) triggered via crafted QTMovie objects, enabling remote code execution or a crash...

9.3CVSS7.9AI score0.04057EPSS
CVE
CVE
added 2012/05/16 1:0 a.m.60 views

CVE-2012-0668

CVE-2012-0668 is a vulnerability in Apple QuickTime where the RLE decoding path in QuickTime’s movie sample handling can overflow a buffer. The issue allows remote attackers to trigger a buffer overflow, enabling arbitrary code execution or a denial of service (application crash) by the user open...

9.3CVSS7.7AI score0.04626EPSS
CVE
CVE
added 2014/02/27 1:0 a.m.60 views

CVE-2014-1249

CVE-2014-1249 affects Apple QuickTime before 7.7.5. The vulnerability is a buffer overflow in the PSD image handling used by QuickTime, which can lead to remote arbitrary code execution or an application crash. Connected sources corroborate a PSD-related overflow in QuickTime, with multiple OpenV...

9.3CVSS7.7AI score0.04072EPSS
CVE
CVE
added 2006/09/12 11:0 p.m.59 views

CVE-2006-4384

CVE-2006-4384 : A heap-based buffer overflow in Apple QuickTime prior to 7.1.3 allows a user-assisted remote attacker to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. Impact is remote code execution within the user’s privileges; exploitation requires user interaction. Affec...

5.1CVSS7.5AI score0.15248EPSS
Total number of security vulnerabilities247