246 matches found
CVE-2014-4979
Apple QuickTime for Windows is affected by CVE-2014-4979 due to memory corruption in the mvhd atom when handling malformed version numbers and flags, potentially enabling arbitrary code execution or a crash. The issue is addressed in QuickTime 7.7.6, per the Apple security content; updating to th...
CVE-2015-7090
CVE-2015-7090 affects Apple QuickTime prior to 7.7.9. The vulnerability allows remote attackers to trigger memory corruption via a crafted movie file, potentially leading to arbitrary code execution or a denial of service (application crash). This is a separate issue from related CVEs (CVE-2015-7...
CVE-2006-1454
CVE-2006-1454 affects Apple QuickTime before 7.1. It is a heap-based buffer overflow in QuickDraw PICT image format support, enabling remote code execution when a crafted image is opened. Remediation per sources: upgrade to QuickTime 7.1 (Mac/Windows).
CVE-2006-4381
Apple QuickTime versions before 7.1.3 are affected by multiple integer/buffer overflow vulnerabilities in the H.264 processing path. A crafted H.264 movie (or other crafted media) can lead to remote code execution with the user’s privileges, typically via user interaction (opening a malicious fil...
CVE-2006-4384
CVE-2006-4384 : A heap-based buffer overflow in Apple QuickTime prior to 7.1.3 allows a user-assisted remote attacker to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. Impact is remote code execution within the user’s privileges; exploitation requires user interaction. Affec...
CVE-2007-0716
CVE-2007-0716 : Apple QuickTime before 7.1.5 contains a stack-based buffer overflow in QTIF file handling. A remote, user-assisted attacker can crash the application or potentially execute arbitrary code by presenting a crafted QTIF file. Corrective action identified in the connected sources is t...
CVE-2008-1021
Apple QuickTime contains a heap-based buffer overflow in the Animation codec content handling that can allow remote code execution via a crafted QuickTime movie using Run Length Encoding. Affected product: Apple QuickTime Player prior to 7.4.5 (Windows). Evidence across sources confirms the vulne...
CVE-2010-0527
CVE-2010-0527 affects Apple QuickTime on Windows prior to 7.6.6. The issue is an integer overflow in QuickTime’s handling of PICT images, which could allow remote code execution or a denial of service (application crash) when a crafted PICT image is processed. Multiple connected sources corrobora...
CVE-2010-0530
Summary: CVE-2010-0530 affects Apple QuickTime on Windows up to version 7.6.9. A filesystem permissions issue in the user profile’s Apple Computer directory allows a local user to read sensitive files. Affected software (from sources): QuickTime on Windows before 7.6.9. Root cause (as stated): We...
CVE-2010-4009
CVE-2010-4009 affects Apple QuickTime prior to 7.6.9. An integer overflow in QuickTime’s handling of movie files can allow a remote attacker to execute arbitrary code or crash the application. Impact is rated high (AV:N/AC:M/Au:N/C:C/I:C/A:C). Remediation: upgrade to QuickTime 7.6.9 or later as r...
CVE-2015-7086
Technical details for CVE-2015-7086 are not publicly provided in the connected documents. The initial description mentions QuickTime before 7.7.9 vulnerable to remote code execution via crafted movie files. No additional vendor/version specifics are available here; monitor for updates.
CVE-2004-0431
CVE-2004-0431 concerns Apple QuickTime (QuickTime.qts) before 6.5.1. The vulnerability is an integer overflow in the Sample-to-Chunk table handling that can overflow a heap and enable arbitrary code execution when a user opens a malicious QuickTime file. Affected component is QuickTime.qts in Qui...
CVE-2005-1579
CVE-2005-1579 affects Apple QuickTime Player 7.0 on Mac OS X 10.4, enabling information disclosure via a specially crafted .mov containing a Quartz Composer (.qtz) file that uses patches to read local data and send it to an attacker. The vulnerability is described in multiple sources, with a work...
CVE-2005-3707
Apple QuickTime before 7.0.4 contains a buffer overflow in the handling of TGA image files (CVE-2005-3707). A crafted TGA image could allow a remote attacker to execute arbitrary code on vulnerable systems running QuickTime, with the impact described as remote code execution. The issue is tied to...
CVE-2006-1465
CVE-2006-1465 : Buffer overflow in Apple QuickTime before 7.1 allows remote code execution via a crafted QuickTime AVI file. Affected: QuickTime on Windows and Mac OS X prior to 7.1. Exploitation could occur by sending a malformed file and having it opened with QuickTime Player. Remediation, wher...
CVE-2007-0714
Apple QuickTime UDTA atom integer overflow vulnerability (CVE-2007-0714) exists in parsing of UDTA data in QuickTime files. A crafted MOV file can trigger an integer overflow, leading to a heap overflow and potential remote code execution under the user’s context. Affected products are QuickTime ...
CVE-2007-0715
CVE-2007-0715: A heap-based buffer overflow in Apple QuickTime prior to 7.1.5 affects processing of PICT files. This allows remote user-assisted attackers to crash QuickTime and potentially execute arbitrary code. Affected product: Apple QuickTime (on macOS/Windows). Root cause: heap corruption t...
CVE-2007-0717
Apple QuickTime before 7.1.5 is affected by an integer overflow in handling QTIF files. A remote attacker could exploit a crafted QTIF to crash the QuickTime player or potentially execute arbitrary code, with impact on both macOS and Windows installations. Apple has addressed this issue in QuickT...
CVE-2007-2402
CVE-2007-2402 affects QuickTime for Java in Apple QuickTime prior to 7.2. The vulnerability is a failure to perform sufficient access control, enabling remote attackers to obtain sensitive information (screen content) via crafted Java applets. The primary sources describe the issue as a design/lo...
CVE-2008-1013
CVE-2008-1013 affects Apple QuickTime before version 7.4.5. The vulnerability arises from deserialization of QTJava objects by untrusted Java applets, enabling remote attackers to execute arbitrary code via a crafted applet. Impact is remote code execution with the attacker’s code running under t...
CVE-2008-1017
CVE-2008-1017 describes a heap‑based buffer overflow in the crgn atom parsing (quicktime.qts) of Apple QuickTime before 7.4.5. A crafted movie can cause arbitrary code execution in the user’s context. Affected product: Apple QuickTime (Windows/macOS)
CVE-2008-1585
CVE-2008-1585 concerns Apple QuickTime
CVE-2010-0536
CVE-2010-0536 affects Apple QuickTime on Windows, where handling of a crafted BMP image can lead to memory corruption, enabling remote code execution or a denial of service (application crash). Affected product/component: Apple QuickTime prior to 7.6.6 on Windows. Root cause: improper BMP handlin...
CVE-2010-3802
CVE-2010-3802 affects Apple QuickTime prior to 7.6.9. It is a memory-corruption/remote-code-execution risk caused by a signedness error in handling a crafted panorama atom in a QuickTime VR (QTVR) movie. Exploitation could lead to arbitrary code execution or an application crash. Remediation indi...
CVE-2013-0988
CVE-2013-0988 is a QuickTime FPX parsing vulnerability: a buffer overflow in handling FPX files could allow remote code execution (or application crash). The vulnerability is exploitable via a crafted FPX file, with attack vector over a network and no authentication, and is reflected in a high-se...
CVE-2013-1021
Apple QuickTime vulnerability CVE-2013-1021 is a buffer overflow in QuickTime before 7.7.4 triggered by crafted JPEG data in a movie file. This can allow remote code execution or a denial of service (application crash). Exploitation requires opening a malicious file or streaming data containing t...
CVE-2006-4382
CVE-2006-4382 affects Apple QuickTime prior to 7.1.3 (Mac OS X and Windows). Multiple vulnerabilities in QuickTime formats (MOV, FLC, SGI, H.264, FPX) include buffer/heap/integer overflows that could enable remote code execution when a user opens a crafted file. The advisories consistently state ...
CVE-2008-5406
Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 are affected by a stack-based buffer overflow in MOV parsing (described as an off-by-one overflow). This vulnerability can cause a denial of service and may allow arbitrary code execution, as noted in the CVE-2008-5406 description. OpenVAS entries ...
CVE-2009-0006
Apple QuickTime before 7.6 is affected by CVE-2009-0006, a Cinepak MDAT heap overflow due to a signedness error . This allows remote code execution or a denial of service when parsing Cinepak-encoded movie files with a crafted MDAT atom. Exploitation details across sources indicate the issue can ...
CVE-2009-0185
Apple QuickTime before 7.6.2 is affected by a heap-based buffer overflow in processing MS ADPCM encoded audio data within AVI files, enabling potential remote code execution or crash (DoS). Public docs list CVE-2009-0185 among a set of related QuickTime vulnerabilities; remediation is to update t...
CVE-2010-1819
CVE-2010-1819 relates to Apple QuickTime Picture Viewer prior to version 7.6.8. The vulnerability is an untrusted search path (DLL hijacking) issue where a Trojan horse placed alongside a .pic image can cause the Picture Viewer to load one of three libraries (CoreVideo.dll, CoreGraphics.dll, Core...
CVE-2010-3793
CVE-2010-3793 affects Apple QuickTime on Mac OS X (10.6.x). A memory corruption flaw in handling Sorenson-encoded movie files could allow a remote attacker to cause arbitrary code execution or an application crash. The issue is addressed in Mac OS X 10.6.5; systems prior to 10.6.5 are vulnerable....
CVE-2011-0249
Apple QuickTime (before 7.7) is affected by a heap-based buffer overflow in the STSC atom handling in QuickTime movie files, allowing remote code execution or a denial of service. The CVE-2011-0249 flaw is triggered when a crafted STSC atom causes memory corruption during parsing, as documented b...
CVE-2013-0989
CVE-2013-0989 : A buffer overflow in Apple QuickTime prior to 7.7.4 can be triggered by a crafted MP3 file, allowing remote attackers to execute arbitrary code or cause a denial of service (application crash). Public references in the providedOpenVAS/Nessus data confirm QuickTime as the vulnerabl...
CVE-2013-1018
Apple QuickTime CVE-2013-1018 is a buffer overflow in parsing of H.264-encoded movie data that could allow remote code execution or crash. It is documented as affecting QuickTime prior to 7.7.4; multiple advisories and scanners list this CVE among others related to QuickTime vulnerabilities. Reme...
CVE-2006-1249
CVE-2006-1249 describes an integer overflow in Apple QuickTime FPX image handling that can enable remote code execution. The vulnerability affects QuickTime Player versions 7.0.3/7.0.4 and related components (e.g., iTunes 6.x) due to a FPX field that specifies a large number of blocks, triggering...
CVE-2007-0059
CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3 . A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user‑assisted execution and the ability to list files...
CVE-2007-0712
Apple QuickTime (Windows/macOS) before 7.1.5 is affected by a heap-based buffer overflow when processing MIDI files, allowing remote, user-assisted attackers to cause a denial of service and possibly execute arbitrary code. The issue is triggered by crafted MIDI data and is documented as CVE-2007...
CVE-2007-2394
Apple QuickTime (Mac OS X) before 7.2 on 10.3.9/10.4.9 is affected by an integer overflow in SMIL parsing, specifically in title/author fields, due to improper memory allocation calculations. This can allow user‑assisted remote code execution when a user opens a crafted SMIL file or visits a craf...
CVE-2008-0032
Apple QuickTime before 7.4 is affected by CVE-2008-0032 due to a heap corruption vulnerability in processing Macintosh Resources embedded in QuickTime movie files. The issue arises from a modified length value in the resource header of a Macintosh Resource record, enabling remote attackers to tri...
CVE-2009-0954
Apple QuickTime for Windows is affected by CVE-2009-0954 due to a heap-based buffer overflow when parsing Clipping Region (CRGN) atoms in QuickTime movie files. The issue allows remote code execution or denial of service via a crafted movie file, with the root cause being improper bounds checks d...
CVE-2009-0957
CVE-2009-0957 describes a heap-based buffer overflow in Apple QuickTime prior to 7.6.2, triggered during parsing of JP2 images. The flaw can allow remote attackers to execute arbitrary code or cause an application crash, potentially leading to denial of service. Affected product: Apple QuickTime
CVE-2011-0210
CVE-2011-0210 affects QuickTime in Mac OS X prior to 10.6.8. The issue is an integer overflow in QuickTime’s handling of audio channels in movie files, which may lead to arbitrary code execution or a crash. The vulnerability is mitigated for Mac OS X by the 10.6.8 update (and related QuickTime up...
CVE-2004-0922
CVE-2004-0922 (Mac OS X AFP Server) affects AFP Server on Mac OS X 10.3.x through 10.3.5. The underlying issue is that the guest group ID is not properly set, which causes a write-only AFP Drop Box on a guest-mounted share to become read-write, allowing a guest to read the Drop Box. The connected...
CVE-2006-4385
CVE-2006-4385 refers to a buffer overflow in Apple QuickTime’s SGI image handling that could allow a user-assisted remote attacker to execute arbitrary code. Affected product: Apple QuickTime prior to 7.1.3 (Windows and Mac) with SGI format processing vulnerable. Impact per sources: potential rem...
CVE-2006-4388
Apple QuickTime (Mac and Windows) contains an integer overflow in FlashPix (FPX) format handling, listed as CVE-2006-4388, enabling user-assisted remote code execution via a crafted FPX file. Public advisories (GLSA 200803-08, etc.) group these with other QuickTime format issues and note that App...
CVE-2007-2296
CVE-2007-2296: Apple QuickTime contains an integer overflow in the FlipFileTypeAtom_BtoN function used when parsing M4V/MP4 files, allowing remote code execution. Affected: QuickTime 7.1.5 and earlier; prior reports indicate impact for versions before 7.2. The connected documents confirm the root...
CVE-2007-2395
Apple QuickTime before 7.3 contains a memory corruption vulnerability in handling image description atoms within movie files, allowing a remote attacker to execute arbitrary code. The CERT/NVD entries confirm a buffer/memory-related issue that can be triggered by a specially crafted QuickTime mov...
CVE-2007-2396
CVE-2007-2396 concerns the JDirect support in QuickTime for Java within Apple QuickTime prior to version 7.2. The vulnerability arises because JDirect exposes dangerous interfaces that can be abused by remote attackers via crafted Java applets to achieve arbitrary code execution. Some sources exp...
CVE-2007-4674
CVE-2007-4674 concerns Apple QuickTime 7.2. The vulnerability arises in parsing a movie atom with a large size value, triggering a stack-based buffer overflow in QuickTime’s parser. This allows remote code execution when a user opens a crafted movie file (or visits a malicious page). According to...