246 matches found
CVE-2011-0213
Apple QuickTime contains multiple CVEs including CVE-2011-0213. The issue is a buffer overflow in QuickTime’s JPEG handling that can cause application termination or arbitrary code execution when processing a crafted JPEG, with impact on Mac OS X and Windows. For Mac OS X, Apple states the issue ...
CVE-2012-0666
The CVE-2012-0666 entry is confirmed to have concrete technical details in connected documents: Apple QuickTime on Windows contains a stack-based buffer overflow in the QuickTime plugin (QTPluginControl::SetLanguage) triggered via crafted QTMovie objects, enabling remote code execution or a crash...
CVE-2014-1249
CVE-2014-1249 affects Apple QuickTime before 7.7.5. The vulnerability is a buffer overflow in the PSD image handling used by QuickTime, which can lead to remote arbitrary code execution or an application crash. Connected sources corroborate a PSD-related overflow in QuickTime, with multiple OpenV...
CVE-2014-4979
Apple QuickTime for Windows is affected by CVE-2014-4979 due to memory corruption in the mvhd atom when handling malformed version numbers and flags, potentially enabling arbitrary code execution or a crash. The issue is addressed in QuickTime 7.7.6, per the Apple security content; updating to th...
CVE-2005-1579
CVE-2005-1579 affects Apple QuickTime Player 7.0 on Mac OS X 10.4, enabling information disclosure via a specially crafted .mov containing a Quartz Composer (.qtz) file that uses patches to read local data and send it to an attacker. The vulnerability is described in multiple sources, with a work...
CVE-2006-4384
CVE-2006-4384 : A heap-based buffer overflow in Apple QuickTime prior to 7.1.3 allows a user-assisted remote attacker to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. Impact is remote code execution within the user’s privileges; exploitation requires user interaction. Affec...
CVE-2007-0716
CVE-2007-0716 : Apple QuickTime before 7.1.5 contains a stack-based buffer overflow in QTIF file handling. A remote, user-assisted attacker can crash the application or potentially execute arbitrary code by presenting a crafted QTIF file. Corrective action identified in the connected sources is t...
CVE-2008-0778
Multiple stack-based buffer overflows exist in the QTPlugin.ocx ActiveX control of Apple QuickTime 7.4.1 and earlier. The vulnerability affects the QTPlugin.ocx component and is triggered by long arguments to the SetBgColor, SetHREF, SetMovieName, SetTarget, and SetMatrix methods, allowing remote...
CVE-2008-1017
CVE-2008-1017 describes a heap‑based buffer overflow in the crgn atom parsing (quicktime.qts) of Apple QuickTime before 7.4.5. A crafted movie can cause arbitrary code execution in the user’s context. Affected product: Apple QuickTime (Windows/macOS)
CVE-2010-0527
CVE-2010-0527 affects Apple QuickTime on Windows prior to 7.6.6. The issue is an integer overflow in QuickTime’s handling of PICT images, which could allow remote code execution or a denial of service (application crash) when a crafted PICT image is processed. Multiple connected sources corrobora...
CVE-2010-3802
CVE-2010-3802 affects Apple QuickTime prior to 7.6.9. It is a memory-corruption/remote-code-execution risk caused by a signedness error in handling a crafted panorama atom in a QuickTime VR (QTVR) movie. Exploitation could lead to arbitrary code execution or an application crash. Remediation indi...
CVE-2012-3758
CVE-2012-3758 affects Apple QuickTime before 7.7.3. A buffer overflow in handling the transform attribute of text3GTrack TeXML files can allow remote code execution or cause an application crash (DoS). Public references confirm vulnerability details and mention upgrading to QuickTime 7.7.3 as rem...
CVE-2015-7086
Technical details for CVE-2015-7086 are not publicly provided in the connected documents. The initial description mentions QuickTime before 7.7.9 vulnerable to remote code execution via crafted movie files. No additional vendor/version specifics are available here; monitor for updates.
CVE-2004-0431
CVE-2004-0431 concerns Apple QuickTime (QuickTime.qts) before 6.5.1. The vulnerability is an integer overflow in the Sample-to-Chunk table handling that can overflow a heap and enable arbitrary code execution when a user opens a malicious QuickTime file. Affected component is QuickTime.qts in Qui...
CVE-2006-1465
CVE-2006-1465 : Buffer overflow in Apple QuickTime before 7.1 allows remote code execution via a crafted QuickTime AVI file. Affected: QuickTime on Windows and Mac OS X prior to 7.1. Exploitation could occur by sending a malformed file and having it opened with QuickTime Player. Remediation, wher...
CVE-2007-0715
CVE-2007-0715: A heap-based buffer overflow in Apple QuickTime prior to 7.1.5 affects processing of PICT files. This allows remote user-assisted attackers to crash QuickTime and potentially execute arbitrary code. Affected product: Apple QuickTime (on macOS/Windows). Root cause: heap corruption t...
CVE-2007-0717
Apple QuickTime before 7.1.5 is affected by an integer overflow in handling QTIF files. A remote attacker could exploit a crafted QTIF to crash the QuickTime player or potentially execute arbitrary code, with impact on both macOS and Windows installations. Apple has addressed this issue in QuickT...
CVE-2007-2402
CVE-2007-2402 affects QuickTime for Java in Apple QuickTime prior to 7.2. The vulnerability is a failure to perform sufficient access control, enabling remote attackers to obtain sensitive information (screen content) via crafted Java applets. The primary sources describe the issue as a design/lo...
CVE-2008-1013
CVE-2008-1013 affects Apple QuickTime before version 7.4.5. The vulnerability arises from deserialization of QTJava objects by untrusted Java applets, enabling remote attackers to execute arbitrary code via a crafted applet. Impact is remote code execution with the attacker’s code running under t...
CVE-2008-1585
CVE-2008-1585 concerns Apple QuickTime
CVE-2010-0530
Summary: CVE-2010-0530 affects Apple QuickTime on Windows up to version 7.6.9. A filesystem permissions issue in the user profile’s Apple Computer directory allows a local user to read sensitive files. Affected software (from sources): QuickTime on Windows before 7.6.9. Root cause (as stated): We...
CVE-2010-1819
CVE-2010-1819 relates to Apple QuickTime Picture Viewer prior to version 7.6.8. The vulnerability is an untrusted search path (DLL hijacking) issue where a Trojan horse placed alongside a .pic image can cause the Picture Viewer to load one of three libraries (CoreVideo.dll, CoreGraphics.dll, Core...
CVE-2010-3793
CVE-2010-3793 affects Apple QuickTime on Mac OS X (10.6.x). A memory corruption flaw in handling Sorenson-encoded movie files could allow a remote attacker to cause arbitrary code execution or an application crash. The issue is addressed in Mac OS X 10.6.5; systems prior to 10.6.5 are vulnerable....
CVE-2013-1021
Apple QuickTime vulnerability CVE-2013-1021 is a buffer overflow in QuickTime before 7.7.4 triggered by crafted JPEG data in a movie file. This can allow remote code execution or a denial of service (application crash). Exploitation requires opening a malicious file or streaming data containing t...
CVE-2005-3707
Apple QuickTime before 7.0.4 contains a buffer overflow in the handling of TGA image files (CVE-2005-3707). A crafted TGA image could allow a remote attacker to execute arbitrary code on vulnerable systems running QuickTime, with the impact described as remote code execution. The issue is tied to...
CVE-2006-1249
CVE-2006-1249 describes an integer overflow in Apple QuickTime FPX image handling that can enable remote code execution. The vulnerability affects QuickTime Player versions 7.0.3/7.0.4 and related components (e.g., iTunes 6.x) due to a FPX field that specifies a large number of blocks, triggering...
CVE-2006-4382
CVE-2006-4382 affects Apple QuickTime prior to 7.1.3 (Mac OS X and Windows). Multiple vulnerabilities in QuickTime formats (MOV, FLC, SGI, H.264, FPX) include buffer/heap/integer overflows that could enable remote code execution when a user opens a crafted file. The advisories consistently state ...
CVE-2007-2394
Apple QuickTime (Mac OS X) before 7.2 on 10.3.9/10.4.9 is affected by an integer overflow in SMIL parsing, specifically in title/author fields, due to improper memory allocation calculations. This can allow user‑assisted remote code execution when a user opens a crafted SMIL file or visits a craf...
CVE-2008-0032
Apple QuickTime before 7.4 is affected by CVE-2008-0032 due to a heap corruption vulnerability in processing Macintosh Resources embedded in QuickTime movie files. The issue arises from a modified length value in the resource header of a Macintosh Resource record, enabling remote attackers to tri...
CVE-2008-5406
Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 are affected by a stack-based buffer overflow in MOV parsing (described as an off-by-one overflow). This vulnerability can cause a denial of service and may allow arbitrary code execution, as noted in the CVE-2008-5406 description. OpenVAS entries ...
CVE-2009-0006
Apple QuickTime before 7.6 is affected by CVE-2009-0006, a Cinepak MDAT heap overflow due to a signedness error . This allows remote code execution or a denial of service when parsing Cinepak-encoded movie files with a crafted MDAT atom. Exploitation details across sources indicate the issue can ...
CVE-2009-0185
Apple QuickTime before 7.6.2 is affected by a heap-based buffer overflow in processing MS ADPCM encoded audio data within AVI files, enabling potential remote code execution or crash (DoS). Public docs list CVE-2009-0185 among a set of related QuickTime vulnerabilities; remediation is to update t...
CVE-2009-0957
CVE-2009-0957 describes a heap-based buffer overflow in Apple QuickTime prior to 7.6.2, triggered during parsing of JP2 images. The flaw can allow remote attackers to execute arbitrary code or cause an application crash, potentially leading to denial of service. Affected product: Apple QuickTime
CVE-2010-0536
CVE-2010-0536 affects Apple QuickTime on Windows, where handling of a crafted BMP image can lead to memory corruption, enabling remote code execution or a denial of service (application crash). Affected product/component: Apple QuickTime prior to 7.6.6 on Windows. Root cause: improper BMP handlin...
CVE-2011-0210
CVE-2011-0210 affects QuickTime in Mac OS X prior to 10.6.8. The issue is an integer overflow in QuickTime’s handling of audio channels in movie files, which may lead to arbitrary code execution or a crash. The vulnerability is mitigated for Mac OS X by the 10.6.8 update (and related QuickTime up...
CVE-2011-0249
Apple QuickTime (before 7.7) is affected by a heap-based buffer overflow in the STSC atom handling in QuickTime movie files, allowing remote code execution or a denial of service. The CVE-2011-0249 flaw is triggered when a crafted STSC atom causes memory corruption during parsing, as documented b...
CVE-2013-0988
CVE-2013-0988 is a QuickTime FPX parsing vulnerability: a buffer overflow in handling FPX files could allow remote code execution (or application crash). The vulnerability is exploitable via a crafted FPX file, with attack vector over a network and no authentication, and is reflected in a high-se...
CVE-2013-0989
CVE-2013-0989 : A buffer overflow in Apple QuickTime prior to 7.7.4 can be triggered by a crafted MP3 file, allowing remote attackers to execute arbitrary code or cause a denial of service (application crash). Public references in the providedOpenVAS/Nessus data confirm QuickTime as the vulnerabl...
CVE-2006-4385
CVE-2006-4385 refers to a buffer overflow in Apple QuickTime’s SGI image handling that could allow a user-assisted remote attacker to execute arbitrary code. Affected product: Apple QuickTime prior to 7.1.3 (Windows and Mac) with SGI format processing vulnerable. Impact per sources: potential rem...
CVE-2006-4388
Apple QuickTime (Mac and Windows) contains an integer overflow in FlashPix (FPX) format handling, listed as CVE-2006-4388, enabling user-assisted remote code execution via a crafted FPX file. Public advisories (GLSA 200803-08, etc.) group these with other QuickTime format issues and note that App...
CVE-2007-0714
Apple QuickTime UDTA atom integer overflow vulnerability (CVE-2007-0714) exists in parsing of UDTA data in QuickTime files. A crafted MOV file can trigger an integer overflow, leading to a heap overflow and potential remote code execution under the user’s context. Affected products are QuickTime ...
CVE-2008-1022
CVE-2008-1022 describes a stack-based buffer overflow in Apple QuickTime before 7.4.5, triggered by parsing the QuickTime VR VR movie atom named “obji” with a size of zero. A remote attacker could cause arbitrary code execution by delivering a crafted VR movie file that exploits this atom-parsing...
CVE-2013-1018
Apple QuickTime CVE-2013-1018 is a buffer overflow in parsing of H.264-encoded movie data that could allow remote code execution or crash. It is documented as affecting QuickTime prior to 7.7.4; multiple advisories and scanners list this CVE among others related to QuickTime vulnerabilities. Reme...
CVE-2004-0922
CVE-2004-0922 (Mac OS X AFP Server) affects AFP Server on Mac OS X 10.3.x through 10.3.5. The underlying issue is that the guest group ID is not properly set, which causes a write-only AFP Drop Box on a guest-mounted share to become read-write, allowing a guest to read the Drop Box. The connected...
CVE-2006-1459
CVE-2006-1459 refers to multiple integer overflows in Apple QuickTime before 7.1 that allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). The vulnerability affects QuickTime on Mac OS X and Windows prior to 7.1; exploitation involves...
CVE-2006-1463
Apple QuickTime before 7.1 is affected by a heap-based buffer overflow in the H.264 (M4V) parsing path. The vulnerability arises from a memory copy loop that trusts a user-supplied size value, enabling remote code execution when a malformed video file is opened or embedded. The issue is documente...
CVE-2006-4389
Apple QuickTime (Windows and Mac OS X) prior to version 7.1.3 is affected by CVE-2006-4389 (FPX/FlashPix format) where an exception leads to an operation on an uninitialized object, enabling user-assisted remote code execution. The issue is part of a set of QuickTime vulnerabilities (MOV/FPX/SGI/...
CVE-2007-0059
CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3 . A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user‑assisted execution and the ability to list files...
CVE-2007-0712
Apple QuickTime (Windows/macOS) before 7.1.5 is affected by a heap-based buffer overflow when processing MIDI files, allowing remote, user-assisted attackers to cause a denial of service and possibly execute arbitrary code. The issue is triggered by crafted MIDI data and is documented as CVE-2007...
CVE-2007-2295
CVE-2007-2295 describes a heap-based buffer overflow in the QuickTime component JVTCompEncodeFrame used when processing malformed H.264 MOV files. Affected product: Apple QuickTime 7.1.5 and earlier versions up to 7.2. The underlying issue is insufficient bounds checking, which allows remote atta...