246 matches found
CVE-2008-1583
CVE-2008-1583 relates to Apple QuickTime before 7.5, where a heap-based buffer overflow occurs while processing PICT images. The vulnerability arises in the PixData handling, enabling remote attackers to crash the player and potentially execute arbitrary code. Public records in the provided docum...
CVE-2008-3628
Summary: CVE-2008-3628 affects Apple QuickTime for Windows prior to 7.5.5. The issue is an invalid pointer in QuickTime’s handling of PICT images, which can allow remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected product/behavior: Apple QuickTim...
CVE-2009-0951
CVE-2009-0951 is a heap-based overflow in Apple QuickTime
CVE-2010-0528
Apple QuickTime for Windows prior to 7.6.6 is vulnerable to remote code execution via crafted color tables in a movie file, due to a flaw in parsing malformed MediaVideo data from the STSD atom and a crafted length value. The vulnerability can also cause memory corruption and application crashes,...
CVE-2010-0529
Apple QuickTime (Windows) is affected by a heap-based buffer overflow in QuickTime.qts when parsing a PICT image using the BkPixPat opcode (0x12). The flaw exists in Apple QuickTime before version 7.6.6, and can allow remote code execution or a denial of service via crafted images. Exploitation r...
CVE-2011-0186
CVE-2011-0186 affects Apple QuickTime on Mac OS X, where memory corruption in JPEG2000 handling could allow remote arbitrary code execution or a crash. The issue is tied to QuickTime’s JPEG2000 processing and is listed with a base score of 4.3 (Medium). Public docs indicate that Apple addressed r...
CVE-2011-0256
Apple QuickTime contains an integer overflow in the handling of the TRUN atom (sampleCount) that can be triggered by crafted track run atoms in QuickTime movie files, impacting QuickTime before version 7.7. Exploitation could allow remote code execution or a denial of service (application crash) ...
CVE-2012-0665
CVE-2012-0665 describes a heap-based buffer overflow in Apple QuickTime’s H.264 movie handling (specifically in the AVCC header logic) that can allow remote code execution when processing a crafted movie file. The issue affects vulnerable QuickTime versions prior to 7.7.2 and can be exploited wit...
CVE-2015-3662
CVE-2015-3662 affects the QT Media Foundation in Apple QuickTime up to version 7.7.7 (and is used in OS X prior to 10.10.4, among other products). The vulnerability allows remote attackers to trigger arbitrary code execution or cause a denial of service via a crafted file, due to a memory corrupt...
CVE-2015-3665
Apple QuickTime QT Media Foundation is affected by memory corruption vulnerabilities in versions prior to 7.7.7, allowing remote attackers to execute arbitrary code or cause denial of service via specially crafted files. CVE-2015-3665 (and related CVEs) are tied to these issues. Affected componen...
CVE-2015-3713
CVE-2015-3713 – Apple QuickTime memory corruption in OS X pre-10.10.4. The vulnerability exists in QuickTime handling of crafted movie files, enabling a remote attacker to cause a crash or run arbitrary code by processing a malicious file. Affected product: Mac OS X with QuickTime prior to 10.10....
CVE-2005-2755
The CVE-2005-2755 entry concerns Apple QuickTime Player prior to 7.0.3. The vulnerability is triggered by a crafted file containing a missing movie attribute, which leads to a NULL pointer dereference and causes a denial-of-service crash. Affected product: QuickTime Player (macOS/Windows), versio...
CVE-2006-4386
CVE-2006-4386 affects Apple QuickTime prior to 7.1.3. The issue is an integer overflow in the H.264 processing path that can be triggered by a crafted H.264 movie. This vulnerability allows an attacker to execute arbitrary code on a vulnerable host and requires user assistance to trigger. Affecte...
CVE-2008-3624
CVE-2008-3624 describes a heap-based buffer overflow in Apple QuickTime before 7.5.5 triggered by crafted QTVR panorama atoms in QuickTime movie files. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected product is QuickTi...
CVE-2009-2202
Apple QuickTime vulnerability CVE-2009-2202 exists in QuickTime’s handling of H.264 movie files and can allow remote code execution or a denial of service via memory corruption. In the OpenVAS/Nessus entries, the affected product is QuickTime on Mac OS X (and QuickTime on Windows), with the root ...
CVE-2010-3789
The CVE-2010-3789 issue affects QuickTime on Mac OS X (specifically Mac OS X 10.6.x prior to 10.6.5). It is a memory corruption vulnerability in QuickTime’s handling of AVI files that could allow arbitrary code execution or cause a denial of service through application crash. The underlying cause...
CVE-2011-3248
CVE-2011-3248 affects Apple QuickTime (pre-7.7.1). A signedness error in the handling of font tables embedded in QuickTime movie files can be exploited by a crafted file to cause a remote code execution or application crash. The vulnerability is documented in ZDI-12-005 and tracked publicly with ...
CVE-2012-3751
CVE-2012-3751 (Apple QuickTime) : A use-after-free in the QuickTime plugin’s handling of qtactivex parameters within an HTML OBJECT can allow remote code execution or crash the application. Affected: Apple QuickTime before 7.7.3. Exploitation vector: crafted HTML document. Mitigation: upgrade to ...
CVE-2013-1022
CVE-2013-1022 is a buffer overflow in Apple QuickTime before 7.7.4 triggered by crafted mvhd atoms in movie files, potentially allowing arbitrary code execution or a crash. Affected products linked in public advisories include QuickTime on Windows; Apple-SA-2013-05-22-1 describes QuickTime 7.7.4 ...
CVE-2014-1247
CVE-2014-1247 affects Apple QuickTime prior to 7.7.5. A flaw in handling of dref atoms (as described in ZDI-14-046) can allow remote code execution or memory corruption when a user opens a crafted movie file or visits a malicious page; user interaction is required. Impact is execution of arbitrar...
CVE-2006-1464
CVE-2006-1464 is a buffer overflow in Apple QuickTime before 7.1 that enables a remote attacker to execute arbitrary code by supplying a crafted MPEG-4 (M4P) video file. The CERT entry corroborates that both Mac OS X and Windows QuickTime installations are affected, with the vulnerability trigger...
CVE-2007-2388
CVE-2007-2388 affects Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The vulnerability arises from improper restriction of QTObject subclassing, allowing a remote attacker to execute arbitrary code via a web page that uses a user-defined class accessing unsafe functions to write to arbit...
CVE-2007-2389
CVE-2007-2389 concerns Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The root cause is that QuickTime for Java does not clear memory before use, potentially allowing a remote attacker to read memory from a web browser via Java applets. Impact is memory disclosure from the browser contex...
CVE-2007-4673
CVE-2007-4673 is an argument-injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista. The issue allows remote attackers to execute arbitrary commands via a URL contained in the qtnext field of a crafted QuickTime QTL file. The description notes potential relation to CVE-2006-4...
CVE-2008-1019
Apple QuickTime (QuickTime.qts) prior to 7.4.5 contains a heap-based buffer overflow in PICT record parsing due to an improperly terminated memory copy loop. A crafted PICT image file can trigger remote code execution in the QuickTime process. Affected product/version: Apple QuickTime before 7.4....
CVE-2009-0005
CVE-2009-0005 concerns Apple QuickTime before 7.6. The vulnerability is described as memory corruption triggered by a crafted H.263-encoded movie file, allowing remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code. Several OpenVAS/Nessus entr...
CVE-2009-0952
CVE-2009-0952 refers to a buffer overflow in Apple QuickTime before 7.6.2 triggered by parsing a crafted PSD image, allowing remote code execution or a denial of service. Affected product: Apple QuickTime (Windows and Mac). Root cause: overflow in PSD image handling during header copy/size valida...
CVE-2010-3800
CVE-2010-3800 affects Apple QuickTime prior to 7.6.9, where a memory corruption in handling PICT files can lead to arbitrary code execution or a crash. The issue arises from inadequate validation during PICT processing, enabling remote exploitation. Apple released patches addressing this in Quick...
CVE-2011-0248
CVE-2011-0248 : Stack-based buffer overflow in the QuickTime ActiveX control of Apple QuickTime on Windows (pre-7.7) when using Internet Explorer, exploitable via a crafted QTL file to execute arbitrary code or cause a crash. The connected Red Hat (RH:CVE-2011-0248) and ZDI advisories describe th...
CVE-2011-1374
CVE-2011-1374 refers to a buffer overflow in Apple QuickTime prior to 7.7.3, affecting Windows. The root cause is improper handling of REGION records in PICT files, leading to potential remote code execution or application crash (denial of service). The affected product is Apple QuickTime for Win...
CVE-2012-0668
CVE-2012-0668 is a vulnerability in Apple QuickTime where the RLE decoding path in QuickTime’s movie sample handling can overflow a buffer. The issue allows remote attackers to trigger a buffer overflow, enabling arbitrary code execution or a denial of service (application crash) by the user open...
CVE-2013-0987
CVE-2013-0987 affects Apple QuickTime, with a memory corruption flaw in the handling of QTIF files that could allow remote code execution or a crash. The vulnerability is listed across multiple OpenVAS entries for Apple QuickTime/QuickTime Player (Mac OS X and Windows) and is tied to QuickTime’s ...
CVE-2015-7090
CVE-2015-7090 affects Apple QuickTime prior to 7.7.9. The vulnerability allows remote attackers to trigger memory corruption via a crafted movie file, potentially leading to arbitrary code execution or a denial of service (application crash). This is a separate issue from related CVEs (CVE-2015-7...
CVE-2002-0252
CVE-2002-0252 affects Apple QuickTime Player 5.01 and 5.02. A buffer overflow is triggered by a remote web server sending a response with a long Content-Type MIME header, allowing arbitrary code execution. The vulnerability is tied to the Content-Type handling in the RTSP/HTTP response parsing. E...
CVE-2005-3708
CVE-2005-3708 describes an integer overflow in Apple QuickTime prior to 7.0.4, triggered by crafted TGA image files. The vulnerability allows remote code execution by exploiting the QuickTime image parsing path, as documented across multiple sources (NVD entry for CVE-2005-3708 and CERT advisorie...
CVE-2005-3711
Apple QuickTime
CVE-2006-4381
Apple QuickTime versions before 7.1.3 are affected by multiple integer/buffer overflow vulnerabilities in the H.264 processing path. A crafted H.264 movie (or other crafted media) can lead to remote code execution with the user’s privileges, typically via user interaction (opening a malicious fil...
CVE-2007-6238
Technical details for CVE-2007-6238 are not publicly provided in the provided documents; the Initial Description is vague. Monitor for updates.
CVE-2008-1016
CVE-2008-1016 concerns Apple QuickTime before 7.4.5. The flaw is in how QuickTime handles movie media tracks, causing memory corruption that can be triggered by a crafted movie file. Remote attackers could potentially execute arbitrary code or cause a crash when a user opens such a file. The vuln...
CVE-2008-1018
CVE-2008-1018 is a heap-based overflow in Apple QuickTime parsing of the MP4A atom (chan) that allows remote code execution when a malformed QuickTime movie is opened. Affected product: Apple QuickTime before 7.4.5. Root cause: heap corruption in Channel Compositor atom parsing. Impact: arbitrary...
CVE-2008-1021
Apple QuickTime contains a heap-based buffer overflow in the Animation codec content handling that can allow remote code execution via a crafted QuickTime movie using Run Length Encoding. Affected product: Apple QuickTime Player prior to 7.4.5 (Windows). Evidence across sources confirms the vulne...
CVE-2009-0002
CVE-2009-0002 is a heap-based buffer overflow in Apple QuickTime prior to 7.6 triggered by processing THKD atoms in QTVR movie files. Remote attackers could cause a denial of service and, in some cases, arbitrary code execution. Affected: QuickTime on Mac OS X and Windows (versions older than 7.6...
CVE-2009-0955
CVE-2009-0955 affects Apple QuickTime prior to 7.6.2 due to a sign-extension vulnerability in the Image Description Atom handling for Apple Video files. A remote attacker could entice a user to open a crafted QuickTime movie, triggering a memory corruption flaw that may lead to arbitrary code exe...
CVE-2009-2799
Apple QuickTime is affected by CVE-2009-2799 (heap-based buffer overflow) due to how H.264 movie files are processed. The vulnerability can allow remote code execution or a denial-of-service condition (crash) when a crafted H.264 file is opened. Affected product is QuickTime on macOS; remediation...
CVE-2010-1799
CVE-2010-1799 describes a stack-based buffer overflow in Apple QuickTime’s error-logging path on Windows, exploitable via a crafted SMIL/movie file to execute arbitrary code or cause a denial of service. Affected product/version: Apple QuickTime before 7.6.7 (Windows). Root cause: boundary/stack ...
CVE-2010-4009
CVE-2010-4009 affects Apple QuickTime prior to 7.6.9. An integer overflow in QuickTime’s handling of movie files can allow a remote attacker to execute arbitrary code or crash the application. Impact is rated high (AV:N/AC:M/Au:N/C:C/I:C/A:C). Remediation: upgrade to QuickTime 7.6.9 or later as r...
CVE-2011-0211
CVE-2011-0211: Integer overflow in QuickTime’s handling of audio channels in QuickTime movie files on Mac OS X before 10.6.8. This can allow remote code execution or an application crash via a crafted movie file. Affected: Mac OS X versions prior to 10.6.8. Mitigation: update to Mac OS X 10.6.8 o...
CVE-2011-0213
Apple QuickTime contains multiple CVEs including CVE-2011-0213. The issue is a buffer overflow in QuickTime’s JPEG handling that can cause application termination or arbitrary code execution when processing a crafted JPEG, with impact on Mac OS X and Windows. For Mac OS X, Apple states the issue ...
CVE-2012-0666
The CVE-2012-0666 entry is confirmed to have concrete technical details in connected documents: Apple QuickTime on Windows contains a stack-based buffer overflow in the QuickTime plugin (QTPluginControl::SetLanguage) triggered via crafted QTMovie objects, enabling remote code execution or a crash...
CVE-2014-1249
CVE-2014-1249 affects Apple QuickTime before 7.7.5. The vulnerability is a buffer overflow in the PSD image handling used by QuickTime, which can lead to remote arbitrary code execution or an application crash. Connected sources corroborate a PSD-related overflow in QuickTime, with multiple OpenV...