246 matches found
CVE-2008-3628
Summary: CVE-2008-3628 affects Apple QuickTime for Windows prior to 7.5.5. The issue is an invalid pointer in QuickTime’s handling of PICT images, which can allow remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected product/behavior: Apple QuickTim...
CVE-2009-2202
Apple QuickTime vulnerability CVE-2009-2202 exists in QuickTime’s handling of H.264 movie files and can allow remote code execution or a denial of service via memory corruption. In the OpenVAS/Nessus entries, the affected product is QuickTime on Mac OS X (and QuickTime on Windows), with the root ...
CVE-2009-2799
Apple QuickTime is affected by CVE-2009-2799 (heap-based buffer overflow) due to how H.264 movie files are processed. The vulnerability can allow remote code execution or a denial-of-service condition (crash) when a crafted H.264 file is opened. Affected product is QuickTime on macOS; remediation...
CVE-2010-0528
Apple QuickTime for Windows prior to 7.6.6 is vulnerable to remote code execution via crafted color tables in a movie file, due to a flaw in parsing malformed MediaVideo data from the STSD atom and a crafted length value. The vulnerability can also cause memory corruption and application crashes,...
CVE-2011-0256
Apple QuickTime contains an integer overflow in the handling of the TRUN atom (sampleCount) that can be triggered by crafted track run atoms in QuickTime movie files, impacting QuickTime before version 7.7. Exploitation could allow remote code execution or a denial of service (application crash) ...
CVE-2011-3251
Apple QuickTime for Windows (pre-7.7.1) is affected by a vulnerability in processing the TKHD atom of QuickTime movie files, which can lead to memory corruption and arbitrary code execution or a denial of service. The issue stems from how matrix structures in the mp4/tkhd handling are parsed, all...
CVE-2012-3751
CVE-2012-3751 (Apple QuickTime) : A use-after-free in the QuickTime plugin’s handling of qtactivex parameters within an HTML OBJECT can allow remote code execution or crash the application. Affected: Apple QuickTime before 7.7.3. Exploitation vector: crafted HTML document. Mitigation: upgrade to ...
CVE-2013-1022
CVE-2013-1022 is a buffer overflow in Apple QuickTime before 7.7.4 triggered by crafted mvhd atoms in movie files, potentially allowing arbitrary code execution or a crash. Affected products linked in public advisories include QuickTime on Windows; Apple-SA-2013-05-22-1 describes QuickTime 7.7.4 ...
CVE-2014-1248
CVE-2014-1248 affects Apple QuickTime prior to 7.7.5. A buffer overflow in the handling of the ldat atom in movie files can allow remote code execution or cause an application crash (DoS). Mitigation: apply QuickTime 7.7.5 or later updates where this issue was addressed. Exploitation details are ...
CVE-2015-3662
CVE-2015-3662 affects the QT Media Foundation in Apple QuickTime up to version 7.7.7 (and is used in OS X prior to 10.10.4, among other products). The vulnerability allows remote attackers to trigger arbitrary code execution or cause a denial of service via a crafted file, due to a memory corrupt...
CVE-2015-7117
Technical details for CVE-2015-7117 are not publicly available in the provided documents. No information on affected product/version, root cause, or remediation is present here. Monitor for updates from official advisories; connected EUVD entries appear unrelated.
CVE-2003-0168
CVE-2003-0168 describes a buffer overflow in Apple QuickTime Player for Windows (versions 5.x and 6.0) triggered by processing overly long QuickTime URLs, allowing remote arbitrary code execution. The issue affects the Windows QuickTime Player, not the Mac versions. Vendor guidance: upgrade to Qu...
CVE-2005-2755
The CVE-2005-2755 entry concerns Apple QuickTime Player prior to 7.0.3. The vulnerability is triggered by a crafted file containing a missing movie attribute, which leads to a NULL pointer dereference and causes a denial-of-service crash. Affected product: QuickTime Player (macOS/Windows), versio...
CVE-2005-2756
CVE-2005-2756 corresponds to a buffer overflow in Apple QuickTime PictureViewer that allows remote code execution when processing crafted PICT data. Affected: QuickTime before 7.0.3 (Mac and Windows). Root cause: lack of input validation during decompression of compressed PICT data, causing memor...
CVE-2005-3711
Apple QuickTime
CVE-2006-1458
CVE-2006-1458 affects Apple QuickTime Player prior to 7.1. The vulnerability is an integer overflow in the JPEG handling path that could allow a remote attacker to execute arbitrary code by convincing a user to open a crafted JPEG image. Affected products include QuickTime on both Mac OS X and Wi...
CVE-2006-4386
CVE-2006-4386 affects Apple QuickTime prior to 7.1.3. The issue is an integer overflow in the H.264 processing path that can be triggered by a crafted H.264 movie. This vulnerability allows an attacker to execute arbitrary code on a vulnerable host and requires user assistance to trigger. Affecte...
CVE-2009-0005
CVE-2009-0005 concerns Apple QuickTime before 7.6. The vulnerability is described as memory corruption triggered by a crafted H.263-encoded movie file, allowing remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code. Several OpenVAS/Nessus entr...
CVE-2009-0951
CVE-2009-0951 is a heap-based overflow in Apple QuickTime
CVE-2010-3789
The CVE-2010-3789 issue affects QuickTime on Mac OS X (specifically Mac OS X 10.6.x prior to 10.6.5). It is a memory corruption vulnerability in QuickTime’s handling of AVI files that could allow arbitrary code execution or cause a denial of service through application crash. The underlying cause...
CVE-2011-0186
CVE-2011-0186 affects Apple QuickTime on Mac OS X, where memory corruption in JPEG2000 handling could allow remote arbitrary code execution or a crash. The issue is tied to QuickTime’s JPEG2000 processing and is listed with a base score of 4.3 (Medium). Public docs indicate that Apple addressed r...
CVE-2011-1374
CVE-2011-1374 refers to a buffer overflow in Apple QuickTime prior to 7.7.3, affecting Windows. The root cause is improper handling of REGION records in PICT files, leading to potential remote code execution or application crash (denial of service). The affected product is Apple QuickTime for Win...
CVE-2013-0987
CVE-2013-0987 affects Apple QuickTime, with a memory corruption flaw in the handling of QTIF files that could allow remote code execution or a crash. The vulnerability is listed across multiple OpenVAS entries for Apple QuickTime/QuickTime Player (Mac OS X and Windows) and is tied to QuickTime’s ...
CVE-2014-1247
CVE-2014-1247 affects Apple QuickTime prior to 7.7.5. A flaw in handling of dref atoms (as described in ZDI-14-046) can allow remote code execution or memory corruption when a user opens a crafted movie file or visits a malicious page; user interaction is required. Impact is execution of arbitrar...
CVE-2015-3713
CVE-2015-3713 – Apple QuickTime memory corruption in OS X pre-10.10.4. The vulnerability exists in QuickTime handling of crafted movie files, enabling a remote attacker to cause a crash or run arbitrary code by processing a malicious file. Affected product: Mac OS X with QuickTime prior to 10.10....
CVE-2006-1460
Apple QuickTime before 7.1 is affected by CVE-2006-1460 due to a heap buffer overflow in the udta Atom of MOV files. A crafted MOV containing an oversized udta Atom can trigger memory overwrite, leading to remote code execution under the user’s context. Affected products include QuickTime for Win...
CVE-2006-1464
CVE-2006-1464 is a buffer overflow in Apple QuickTime before 7.1 that enables a remote attacker to execute arbitrary code by supplying a crafted MPEG-4 (M4P) video file. The CERT entry corroborates that both Mac OS X and Windows QuickTime installations are affected, with the vulnerability trigger...
CVE-2007-2389
CVE-2007-2389 concerns Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The root cause is that QuickTime for Java does not clear memory before use, potentially allowing a remote attacker to read memory from a web browser via Java applets. Impact is memory disclosure from the browser contex...
CVE-2007-4673
CVE-2007-4673 is an argument-injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista. The issue allows remote attackers to execute arbitrary commands via a URL contained in the qtnext field of a crafted QuickTime QTL file. The description notes potential relation to CVE-2006-4...
CVE-2009-0952
CVE-2009-0952 refers to a buffer overflow in Apple QuickTime before 7.6.2 triggered by parsing a crafted PSD image, allowing remote code execution or a denial of service. Affected product: Apple QuickTime (Windows and Mac). Root cause: overflow in PSD image handling during header copy/size valida...
CVE-2010-1799
CVE-2010-1799 describes a stack-based buffer overflow in Apple QuickTime’s error-logging path on Windows, exploitable via a crafted SMIL/movie file to execute arbitrary code or cause a denial of service. Affected product/version: Apple QuickTime before 7.6.7 (Windows). Root cause: boundary/stack ...
CVE-2010-3800
CVE-2010-3800 affects Apple QuickTime prior to 7.6.9, where a memory corruption in handling PICT files can lead to arbitrary code execution or a crash. The issue arises from inadequate validation during PICT processing, enabling remote exploitation. Apple released patches addressing this in Quick...
CVE-2011-3248
CVE-2011-3248 affects Apple QuickTime (pre-7.7.1). A signedness error in the handling of font tables embedded in QuickTime movie files can be exploited by a crafted file to cause a remote code execution or application crash. The vulnerability is documented in ZDI-12-005 and tracked publicly with ...
CVE-2002-0252
CVE-2002-0252 affects Apple QuickTime Player 5.01 and 5.02. A buffer overflow is triggered by a remote web server sending a response with a long Content-Type MIME header, allowing arbitrary code execution. The vulnerability is tied to the Content-Type handling in the RTSP/HTTP response parsing. E...
CVE-2005-3708
CVE-2005-3708 describes an integer overflow in Apple QuickTime prior to 7.0.4, triggered by crafted TGA image files. The vulnerability allows remote code execution by exploiting the QuickTime image parsing path, as documented across multiple sources (NVD entry for CVE-2005-3708 and CERT advisorie...
CVE-2007-2388
CVE-2007-2388 affects Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The vulnerability arises from improper restriction of QTObject subclassing, allowing a remote attacker to execute arbitrary code via a web page that uses a user-defined class accessing unsafe functions to write to arbit...
CVE-2007-6238
Technical details for CVE-2007-6238 are not publicly provided in the provided documents; the Initial Description is vague. Monitor for updates.
CVE-2008-0778
Multiple stack-based buffer overflows exist in the QTPlugin.ocx ActiveX control of Apple QuickTime 7.4.1 and earlier. The vulnerability affects the QTPlugin.ocx component and is triggered by long arguments to the SetBgColor, SetHREF, SetMovieName, SetTarget, and SetMatrix methods, allowing remote...
CVE-2008-1016
CVE-2008-1016 concerns Apple QuickTime before 7.4.5. The flaw is in how QuickTime handles movie media tracks, causing memory corruption that can be triggered by a crafted movie file. Remote attackers could potentially execute arbitrary code or cause a crash when a user opens such a file. The vuln...
CVE-2008-1018
CVE-2008-1018 is a heap-based overflow in Apple QuickTime parsing of the MP4A atom (chan) that allows remote code execution when a malformed QuickTime movie is opened. Affected product: Apple QuickTime before 7.4.5. Root cause: heap corruption in Channel Compositor atom parsing. Impact: arbitrary...
CVE-2008-1019
Apple QuickTime (QuickTime.qts) prior to 7.4.5 contains a heap-based buffer overflow in PICT record parsing due to an improperly terminated memory copy loop. A crafted PICT image file can trigger remote code execution in the QuickTime process. Affected product/version: Apple QuickTime before 7.4....
CVE-2009-0002
CVE-2009-0002 is a heap-based buffer overflow in Apple QuickTime prior to 7.6 triggered by processing THKD atoms in QTVR movie files. Remote attackers could cause a denial of service and, in some cases, arbitrary code execution. Affected: QuickTime on Mac OS X and Windows (versions older than 7.6...
CVE-2009-0955
CVE-2009-0955 affects Apple QuickTime prior to 7.6.2 due to a sign-extension vulnerability in the Image Description Atom handling for Apple Video files. A remote attacker could entice a user to open a crafted QuickTime movie, triggering a memory corruption flaw that may lead to arbitrary code exe...
CVE-2010-1508
CVE-2010-1508 describes a heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows, triggered by parsing Track Header (tkhd) atoms and potentially allowing arbitrary code execution or a crash. OpenVAS notes the issue affects Windows QuickTime and does not affect Mac OS X. Secunia’s a...
CVE-2011-0211
CVE-2011-0211: Integer overflow in QuickTime’s handling of audio channels in QuickTime movie files on Mac OS X before 10.6.8. This can allow remote code execution or an application crash via a crafted movie file. Affected: Mac OS X versions prior to 10.6.8. Mitigation: update to Mac OS X 10.6.8 o...
CVE-2011-0213
Apple QuickTime contains multiple CVEs including CVE-2011-0213. The issue is a buffer overflow in QuickTime’s JPEG handling that can cause application termination or arbitrary code execution when processing a crafted JPEG, with impact on Mac OS X and Windows. For Mac OS X, Apple states the issue ...
CVE-2011-0248
CVE-2011-0248 : Stack-based buffer overflow in the QuickTime ActiveX control of Apple QuickTime on Windows (pre-7.7) when using Internet Explorer, exploitable via a crafted QTL file to execute arbitrary code or cause a crash. The connected Red Hat (RH:CVE-2011-0248) and ZDI advisories describe th...
CVE-2012-0666
The CVE-2012-0666 entry is confirmed to have concrete technical details in connected documents: Apple QuickTime on Windows contains a stack-based buffer overflow in the QuickTime plugin (QTPluginControl::SetLanguage) triggered via crafted QTMovie objects, enabling remote code execution or a crash...
CVE-2012-3758
CVE-2012-3758 affects Apple QuickTime before 7.7.3. A buffer overflow in handling the transform attribute of text3GTrack TeXML files can allow remote code execution or cause an application crash (DoS). Public references confirm vulnerability details and mention upgrading to QuickTime 7.7.3 as rem...
CVE-2014-1249
CVE-2014-1249 affects Apple QuickTime before 7.7.5. The vulnerability is a buffer overflow in the PSD image handling used by QuickTime, which can lead to remote arbitrary code execution or an application crash. Connected sources corroborate a PSD-related overflow in QuickTime, with multiple OpenV...