247 matches found
CVE-2010-0529
Apple QuickTime (Windows) is affected by a heap-based buffer overflow in QuickTime.qts when parsing a PICT image using the BkPixPat opcode (0x12). The flaw exists in Apple QuickTime before version 7.6.6, and can allow remote code execution or a denial of service via crafted images. Exploitation r...
CVE-2011-0186
CVE-2011-0186 affects Apple QuickTime on Mac OS X, where memory corruption in JPEG2000 handling could allow remote arbitrary code execution or a crash. The issue is tied to QuickTime’s JPEG2000 processing and is listed with a base score of 4.3 (Medium). Public docs indicate that Apple addressed r...
CVE-2011-0252
CVE-2011-0252 is a QuickTime vulnerability where a heap-based buffer overflow can be triggered by crafted STTS atoms in QuickTime movie files, allowing remote code execution. The issue arises from handling of invalid Time-To-Sample values, which can overflow a heap counter and compromise the proc...
CVE-2011-0256
Apple QuickTime contains an integer overflow in the handling of the TRUN atom (sampleCount) that can be triggered by crafted track run atoms in QuickTime movie files, impacting QuickTime before version 7.7. Exploitation could allow remote code execution or a denial of service (application crash) ...
CVE-2012-3755
Apple QuickTime contains a buffer overflow in the handling of Targa image files, affecting versions before 7.7.3. Successful exploitation can lead to arbitrary code execution or application crash. Remediation: upgrade to QuickTime 7.7.3 as per Apple advisory APPLE-SA-2012-11-07-1.
CVE-2014-1248
CVE-2014-1248 affects Apple QuickTime prior to 7.7.5. A buffer overflow in the handling of the ldat atom in movie files can allow remote code execution or cause an application crash (DoS). Mitigation: apply QuickTime 7.7.5 or later updates where this issue was addressed. Exploitation details are ...
CVE-2015-3662
CVE-2015-3662 affects the QT Media Foundation in Apple QuickTime up to version 7.7.7 (and is used in OS X prior to 10.10.4, among other products). The vulnerability allows remote attackers to trigger arbitrary code execution or cause a denial of service via a crafted file, due to a memory corrupt...
CVE-2015-3665
Apple QuickTime QT Media Foundation is affected by memory corruption vulnerabilities in versions prior to 7.7.7, allowing remote attackers to execute arbitrary code or cause denial of service via specially crafted files. CVE-2015-3665 (and related CVEs) are tied to these issues. Affected componen...
CVE-2015-3713
CVE-2015-3713 – Apple QuickTime memory corruption in OS X pre-10.10.4. The vulnerability exists in QuickTime handling of crafted movie files, enabling a remote attacker to cause a crash or run arbitrary code by processing a malicious file. Affected product: Mac OS X with QuickTime prior to 10.10....
CVE-2005-2755
The CVE-2005-2755 entry concerns Apple QuickTime Player prior to 7.0.3. The vulnerability is triggered by a crafted file containing a missing movie attribute, which leads to a NULL pointer dereference and causes a denial-of-service crash. Affected product: QuickTime Player (macOS/Windows), versio...
CVE-2007-0713
Apple QuickTime before 7.1.5 contains a heap-based buffer overflow in the handling of QuickTime movie files, allowing remote user-assisted attackers to crash the player and potentially execute arbitrary code. The vulnerability is triggered by specially crafted media files. Remediation is to upgra...
CVE-2008-3624
CVE-2008-3624 describes a heap-based buffer overflow in Apple QuickTime before 7.5.5 triggered by crafted QTVR panorama atoms in QuickTime movie files. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash). Affected product is QuickTi...
CVE-2009-2202
Apple QuickTime vulnerability CVE-2009-2202 exists in QuickTime’s handling of H.264 movie files and can allow remote code execution or a denial of service via memory corruption. In the OpenVAS/Nessus entries, the affected product is QuickTime on Mac OS X (and QuickTime on Windows), with the root ...
CVE-2010-3789
The CVE-2010-3789 issue affects QuickTime on Mac OS X (specifically Mac OS X 10.6.x prior to 10.6.5). It is a memory corruption vulnerability in QuickTime’s handling of AVI files that could allow arbitrary code execution or cause a denial of service through application crash. The underlying cause...
CVE-2012-0665
CVE-2012-0665 describes a heap-based buffer overflow in Apple QuickTime’s H.264 movie handling (specifically in the AVCC header logic) that can allow remote code execution when processing a crafted movie file. The issue affects vulnerable QuickTime versions prior to 7.7.2 and can be exploited wit...
CVE-2012-3751
CVE-2012-3751 (Apple QuickTime) : A use-after-free in the QuickTime plugin’s handling of qtactivex parameters within an HTML OBJECT can allow remote code execution or crash the application. Affected: Apple QuickTime before 7.7.3. Exploitation vector: crafted HTML document. Mitigation: upgrade to ...
CVE-2013-1022
CVE-2013-1022 is a buffer overflow in Apple QuickTime before 7.7.4 triggered by crafted mvhd atoms in movie files, potentially allowing arbitrary code execution or a crash. Affected products linked in public advisories include QuickTime on Windows; Apple-SA-2013-05-22-1 describes QuickTime 7.7.4 ...
CVE-2014-1247
CVE-2014-1247 affects Apple QuickTime prior to 7.7.5. A flaw in handling of dref atoms (as described in ZDI-14-046) can allow remote code execution or memory corruption when a user opens a crafted movie file or visits a malicious page; user interaction is required. Impact is execution of arbitrar...
CVE-2006-4386
CVE-2006-4386 affects Apple QuickTime prior to 7.1.3. The issue is an integer overflow in the H.264 processing path that can be triggered by a crafted H.264 movie. This vulnerability allows an attacker to execute arbitrary code on a vulnerable host and requires user assistance to trigger. Affecte...
CVE-2009-0005
CVE-2009-0005 concerns Apple QuickTime before 7.6. The vulnerability is described as memory corruption triggered by a crafted H.263-encoded movie file, allowing remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code. Several OpenVAS/Nessus entr...
CVE-2009-0952
CVE-2009-0952 refers to a buffer overflow in Apple QuickTime before 7.6.2 triggered by parsing a crafted PSD image, allowing remote code execution or a denial of service. Affected product: Apple QuickTime (Windows and Mac). Root cause: overflow in PSD image handling during header copy/size valida...
CVE-2010-3800
CVE-2010-3800 affects Apple QuickTime prior to 7.6.9, where a memory corruption in handling PICT files can lead to arbitrary code execution or a crash. The issue arises from inadequate validation during PICT processing, enabling remote exploitation. Apple released patches addressing this in Quick...
CVE-2011-0248
CVE-2011-0248 : Stack-based buffer overflow in the QuickTime ActiveX control of Apple QuickTime on Windows (pre-7.7) when using Internet Explorer, exploitable via a crafted QTL file to execute arbitrary code or cause a crash. The connected Red Hat (RH:CVE-2011-0248) and ZDI advisories describe th...
CVE-2011-1374
CVE-2011-1374 refers to a buffer overflow in Apple QuickTime prior to 7.7.3, affecting Windows. The root cause is improper handling of REGION records in PICT files, leading to potential remote code execution or application crash (denial of service). The affected product is Apple QuickTime for Win...
CVE-2011-3248
CVE-2011-3248 affects Apple QuickTime (pre-7.7.1). A signedness error in the handling of font tables embedded in QuickTime movie files can be exploited by a crafted file to cause a remote code execution or application crash. The vulnerability is documented in ZDI-12-005 and tracked publicly with ...
CVE-2013-0987
CVE-2013-0987 affects Apple QuickTime, with a memory corruption flaw in the handling of QTIF files that could allow remote code execution or a crash. The vulnerability is listed across multiple OpenVAS entries for Apple QuickTime/QuickTime Player (Mac OS X and Windows) and is tied to QuickTime’s ...
CVE-2015-7090
CVE-2015-7090 affects Apple QuickTime prior to 7.7.9. The vulnerability allows remote attackers to trigger memory corruption via a crafted movie file, potentially leading to arbitrary code execution or a denial of service (application crash). This is a separate issue from related CVEs (CVE-2015-7...
CVE-2002-0252
CVE-2002-0252 affects Apple QuickTime Player 5.01 and 5.02. A buffer overflow is triggered by a remote web server sending a response with a long Content-Type MIME header, allowing arbitrary code execution. The vulnerability is tied to the Content-Type handling in the RTSP/HTTP response parsing. E...
CVE-2005-3708
CVE-2005-3708 describes an integer overflow in Apple QuickTime prior to 7.0.4, triggered by crafted TGA image files. The vulnerability allows remote code execution by exploiting the QuickTime image parsing path, as documented across multiple sources (NVD entry for CVE-2005-3708 and CERT advisorie...
CVE-2005-3711
Apple QuickTime
CVE-2006-1464
CVE-2006-1464 is a buffer overflow in Apple QuickTime before 7.1 that enables a remote attacker to execute arbitrary code by supplying a crafted MPEG-4 (M4P) video file. The CERT entry corroborates that both Mac OS X and Windows QuickTime installations are affected, with the vulnerability trigger...
CVE-2006-4381
Apple QuickTime versions before 7.1.3 are affected by multiple integer/buffer overflow vulnerabilities in the H.264 processing path. A crafted H.264 movie (or other crafted media) can lead to remote code execution with the user’s privileges, typically via user interaction (opening a malicious fil...
CVE-2007-2388
CVE-2007-2388 affects Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The vulnerability arises from improper restriction of QTObject subclassing, allowing a remote attacker to execute arbitrary code via a web page that uses a user-defined class accessing unsafe functions to write to arbit...
CVE-2007-2389
CVE-2007-2389 concerns Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The root cause is that QuickTime for Java does not clear memory before use, potentially allowing a remote attacker to read memory from a web browser via Java applets. Impact is memory disclosure from the browser contex...
CVE-2007-4673
CVE-2007-4673 is an argument-injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista. The issue allows remote attackers to execute arbitrary commands via a URL contained in the qtnext field of a crafted QuickTime QTL file. The description notes potential relation to CVE-2006-4...
CVE-2008-1016
CVE-2008-1016 concerns Apple QuickTime before 7.4.5. The flaw is in how QuickTime handles movie media tracks, causing memory corruption that can be triggered by a crafted movie file. Remote attackers could potentially execute arbitrary code or cause a crash when a user opens such a file. The vuln...
CVE-2008-1018
CVE-2008-1018 is a heap-based overflow in Apple QuickTime parsing of the MP4A atom (chan) that allows remote code execution when a malformed QuickTime movie is opened. Affected product: Apple QuickTime before 7.4.5. Root cause: heap corruption in Channel Compositor atom parsing. Impact: arbitrary...
CVE-2008-1019
Apple QuickTime (QuickTime.qts) prior to 7.4.5 contains a heap-based buffer overflow in PICT record parsing due to an improperly terminated memory copy loop. A crafted PICT image file can trigger remote code execution in the QuickTime process. Affected product/version: Apple QuickTime before 7.4....
CVE-2009-0002
CVE-2009-0002 is a heap-based buffer overflow in Apple QuickTime prior to 7.6 triggered by processing THKD atoms in QTVR movie files. Remote attackers could cause a denial of service and, in some cases, arbitrary code execution. Affected: QuickTime on Mac OS X and Windows (versions older than 7.6...
CVE-2009-0955
CVE-2009-0955 affects Apple QuickTime prior to 7.6.2 due to a sign-extension vulnerability in the Image Description Atom handling for Apple Video files. A remote attacker could entice a user to open a crafted QuickTime movie, triggering a memory corruption flaw that may lead to arbitrary code exe...
CVE-2009-2799
Apple QuickTime is affected by CVE-2009-2799 (heap-based buffer overflow) due to how H.264 movie files are processed. The vulnerability can allow remote code execution or a denial-of-service condition (crash) when a crafted H.264 file is opened. Affected product is QuickTime on macOS; remediation...
CVE-2010-1799
CVE-2010-1799 describes a stack-based buffer overflow in Apple QuickTime’s error-logging path on Windows, exploitable via a crafted SMIL/movie file to execute arbitrary code or cause a denial of service. Affected product/version: Apple QuickTime before 7.6.7 (Windows). Root cause: boundary/stack ...
CVE-2010-4009
CVE-2010-4009 affects Apple QuickTime prior to 7.6.9. An integer overflow in QuickTime’s handling of movie files can allow a remote attacker to execute arbitrary code or crash the application. Impact is rated high (AV:N/AC:M/Au:N/C:C/I:C/A:C). Remediation: upgrade to QuickTime 7.6.9 or later as r...
CVE-2011-0211
CVE-2011-0211: Integer overflow in QuickTime’s handling of audio channels in QuickTime movie files on Mac OS X before 10.6.8. This can allow remote code execution or an application crash via a crafted movie file. Affected: Mac OS X versions prior to 10.6.8. Mitigation: update to Mac OS X 10.6.8 o...
CVE-2011-0213
Apple QuickTime contains multiple CVEs including CVE-2011-0213. The issue is a buffer overflow in QuickTime’s JPEG handling that can cause application termination or arbitrary code execution when processing a crafted JPEG, with impact on Mac OS X and Windows. For Mac OS X, Apple states the issue ...
CVE-2012-0666
The CVE-2012-0666 entry is confirmed to have concrete technical details in connected documents: Apple QuickTime on Windows contains a stack-based buffer overflow in the QuickTime plugin (QTPluginControl::SetLanguage) triggered via crafted QTMovie objects, enabling remote code execution or a crash...
CVE-2012-0668
CVE-2012-0668 is a vulnerability in Apple QuickTime where the RLE decoding path in QuickTime’s movie sample handling can overflow a buffer. The issue allows remote attackers to trigger a buffer overflow, enabling arbitrary code execution or a denial of service (application crash) by the user open...
CVE-2014-1249
CVE-2014-1249 affects Apple QuickTime before 7.7.5. The vulnerability is a buffer overflow in the PSD image handling used by QuickTime, which can lead to remote arbitrary code execution or an application crash. Connected sources corroborate a PSD-related overflow in QuickTime, with multiple OpenV...
CVE-2006-4384
CVE-2006-4384 : A heap-based buffer overflow in Apple QuickTime prior to 7.1.3 allows a user-assisted remote attacker to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. Impact is remote code execution within the user’s privileges; exploitation requires user interaction. Affec...