Lucene search
K
AppleQuicktime

246 matches found

CVE
CVE
added 2009/06/02 6:0 p.m.55 views

CVE-2009-0957

CVE-2009-0957 describes a heap-based buffer overflow in Apple QuickTime prior to 7.6.2, triggered during parsing of JP2 images. The flaw can allow remote attackers to execute arbitrary code or cause an application crash, potentially leading to denial of service. Affected product: Apple QuickTime

9.3CVSS8AI score0.05691EPSS
CVE
CVE
added 2011/08/04 1:0 a.m.55 views

CVE-2011-0245

Apple QuickTime prior to version 7.7 is affected by a buffer overflow in the handling of pict files, allowing remote code execution or denial of service. Affected component: QuickTime (Windows/Mac). Root cause: buffer overflow when parsing pict data. Impact: arbitrary code execution or applicatio...

9.3CVSS7.8AI score0.0418EPSS
CVE
CVE
added 2006/05/12 8:0 p.m.54 views

CVE-2006-1463

Apple QuickTime before 7.1 is affected by a heap-based buffer overflow in the H.264 (M4V) parsing path. The vulnerability arises from a memory copy loop that trusts a user-supplied size value, enabling remote code execution when a malformed video file is opened or embedded. The issue is documente...

5.1CVSS7.6AI score0.06516EPSS
CVE
CVE
added 2006/09/12 11:0 p.m.54 views

CVE-2006-4388

Apple QuickTime (Mac and Windows) contains an integer overflow in FlashPix (FPX) format handling, listed as CVE-2006-4388, enabling user-assisted remote code execution via a crafted FPX file. Public advisories (GLSA 200803-08, etc.) group these with other QuickTime format issues and note that App...

5.1CVSS7.2AI score0.05526EPSS
CVE
CVE
added 2006/09/12 11:0 p.m.54 views

CVE-2006-4389

Apple QuickTime (Windows and Mac OS X) prior to version 7.1.3 is affected by CVE-2006-4389 (FPX/FlashPix format) where an exception leads to an operation on an uninitialized object, enabling user-assisted remote code execution. The issue is part of a set of QuickTime vulnerabilities (MOV/FPX/SGI/...

5.1CVSS7AI score0.07253EPSS
CVE
CVE
added 2007/01/05 12:0 a.m.54 views

CVE-2007-0059

CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3 . A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user‑assisted execution and the ability to list files...

6.8CVSS6.7AI score0.05638EPSS
CVE
CVE
added 2007/03/05 10:0 p.m.54 views

CVE-2007-0712

Apple QuickTime (Windows/macOS) before 7.1.5 is affected by a heap-based buffer overflow when processing MIDI files, allowing remote, user-assisted attackers to cause a denial of service and possibly execute arbitrary code. The issue is triggered by crafted MIDI data and is documented as CVE-2007...

9.3CVSS7.6AI score0.06893EPSS
CVE
CVE
added 2007/12/15 1:0 a.m.54 views

CVE-2007-4706

Apple QuickTime prior to version 7.3.1 is affected by a heap-based buffer overflow in the QTL file parsing that can allow a remote attacker to execute arbitrary code. This vulnerability affects QuickTime on multiple platforms referenced in CVE-2007-4706, with an impact described as potential remo...

6.8CVSS7.6AI score0.03082EPSS
CVE
CVE
added 2008/06/10 6:0 p.m.54 views

CVE-2008-1582

Apple QuickTime before 7.5 contains a memory corruption vulnerability in handling AAC-encoded media, allowing remote attackers to crash the player and potentially execute arbitrary code by opening a crafted AAC file. This CVE (CVE-2008-1582) is part of a set of related issues affecting QuickTime

6.8CVSS7.4AI score0.03736EPSS
CVE
CVE
added 2008/09/10 4:0 p.m.54 views

CVE-2008-3625

Apple QuickTime before 7.5.5 is affected by a stack-based buffer overflow in the PDAT atom of QuickTime VR (QTVR) files, triggered by crafted panorama track elements (maxTilt, minFieldOfView, maxFieldOfView). Exploitation can lead to remote code execution or a denial of service. Remediation: upgr...

9.3CVSS7.8AI score0.06645EPSS
CVE
CVE
added 2009/01/21 8:0 p.m.54 views

CVE-2009-0004

Apple QuickTime prior to 7.6 is affected by multiple CVEs including CVE-2009-0004, where a buffer overflow in QuickTime’s handling of MPEG-2/MP3 content can cause application termination or arbitrary code execution. The OpenVAS/Nessus entries reference Windows and Mac OS X variants of QuickTime

9.3CVSS7.8AI score0.05663EPSS
CVE
CVE
added 2012/05/16 1:0 a.m.54 views

CVE-2012-0265

CVE-2012-0265 is a stack-based buffer overflow in Apple QuickTime prior to 7.7.2 on Windows, exploitable via a crafted file pathname to execute arbitrary code or cause a crash. Public references confirm multiple CVEs around QuickTime 7.7.2 vulnerabilities and list CVE-2012-0265 among them. The Op...

9.3CVSS8AI score0.04954EPSS
CVE
CVE
added 2013/05/24 10:0 a.m.54 views

CVE-2013-1015

Apple QuickTime TeXML memory corruption vulnerability (CVE-2013-1015) exists due to insufficient validation of coordinates in textBox/defaultTextBox within TeXML files. A remote attacker could trigger memory corruption, enabling arbitrary code execution or crash. Public reports (ZDI-13-112) descr...

9.3CVSS7.5AI score0.03335EPSS
CVE
CVE
added 2013/05/24 10:0 a.m.54 views

CVE-2013-1016

CVE-2013-1016: Apple QuickTime before 7.7.4 contains a buffer overflow in the H.263 parsing path that can lead to remote code execution or a denial of service when processing crafted movie files. ZDI and multiple advisories describe this as a remote-code-execution vulnerability in QuickTime’s han...

9.3CVSS7.8AI score0.04943EPSS
CVE
CVE
added 2004/10/28 4:0 a.m.53 views

CVE-2004-0988

CVE-2004-0988 affects Apple QuickTime prior to 6.5.2 on Windows. The issue is an integer overflow in QuickTime components that can trigger a large memory operation, leading to memory consumption and a potential denial of service. Multiple sources (NVD, Red Hat, CVE, CVE List) describe the same ro...

5CVSS6.9AI score0.01217EPSS
CVE
CVE
added 2006/01/11 6:0 p.m.53 views

CVE-2005-3710

Summary: CVE-2005-3710 is an Apple QuickTime TIFF handling vulnerability. A crafted TIFF image with modified ImageWidth triggers an integer overflow in QuickTime before version 7.0.4, which could allow remote code execution or a denial of service on affected systems (Mac OS X and Windows). Severa...

7.5CVSS7.5AI score0.07339EPSS
CVE
CVE
added 2006/05/12 8:0 p.m.53 views

CVE-2006-1459

CVE-2006-1459 refers to multiple integer overflows in Apple QuickTime before 7.1 that allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). The vulnerability affects QuickTime on Mac OS X and Windows prior to 7.1; exploitation involves...

5.1CVSS7.4AI score0.04417EPSS
CVE
CVE
added 2007/07/15 9:0 p.m.53 views

CVE-2007-2396

CVE-2007-2396 concerns the JDirect support in QuickTime for Java within Apple QuickTime prior to version 7.2. The vulnerability arises because JDirect exposes dangerous interfaces that can be abused by remote attackers via crafted Java applets to achieve arbitrary code execution. Some sources exp...

9.3CVSS7.3AI score0.06876EPSS
CVE
CVE
added 2009/01/21 8:0 p.m.53 views

CVE-2009-0003

Apple QuickTime prior to 7.6 contains a heap-based buffer overflow in processing AVI headers, specifically when the nBlockAlign value in the _WAVEFORMATEX structure is malformed. Consequences cited include possible DoS (application termination) and arbitrary code execution. CVE-2009-0003 is corro...

9.3CVSS7.9AI score0.09396EPSS
CVE
CVE
added 2009/06/02 6:0 p.m.53 views

CVE-2009-0953

CVE-2009-0953 affects Apple QuickTime prior to 7.6.2, where handling of PICT images can cause a heap-based buffer overflow, enabling remote code execution or a denial of service. Affected products are QuickTime on Windows and Mac OS X as part of the QuickTime suite. The vulnerability stems from p...

9.3CVSS8AI score0.05388EPSS
CVE
CVE
added 2009/06/02 6:0 p.m.53 views

CVE-2009-0956

Apple QuickTime before 7.6.2 contains an uninitialized memory access in handling movie files, allowing remote code execution or a crash via a movie containing a user data atom of size zero. The CVE-2009-0956 entry is part of a set of related QuickTime vulnerabilities; remediation is to apply the ...

9.3CVSS7.7AI score0.05083EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.52 views

CVE-2002-0376

Technical details about CVE-2002-0376 are not publicly provided in the supplied documents. Monitor for updates for affected products, vulnerable components and fixes; no concrete exploit vectors or mitigations are described here.

7.5CVSS7.9AI score0.03777EPSS
CVE
CVE
added 2006/05/12 9:0 p.m.52 views

CVE-2006-2238

CVE-2006-2238 describes a heap-based buffer overflow in Apple QuickTime before 7.1 triggered by a crafted BMP file that overflows in the ReadBMP function, allowing remote code execution. The vulnerability affects QuickTime’s BMP handling across multiple products; exploitation details and affected...

7.5CVSS7.6AI score0.06912EPSS
CVE
CVE
added 2007/05/14 9:0 p.m.52 views

CVE-2007-0754

Apple QuickTime before 7.1.3 is affected by a heap-based buffer overflow in the STSD atom size parsing, allowing user-assisted remote code execution via a crafted QuickTime movie. The issue is tied to the STSD parsing path in QuickTime; vendor patch available in QuickTime 7.1.3. If not upgrading,...

9.3CVSS7.6AI score0.0503EPSS
CVE
CVE
added 2008/06/10 6:0 p.m.52 views

CVE-2008-1584

Apple QuickTime before 7.5 is affected by a stack-based buffer overflow in Indeo.qtx when parsing Indeo video content, allowing remote attackers to crash the player or execute arbitrary code via crafted movie files. The vulnerability stems from inadequate bounds checking in Indeo.qtx. Affected pr...

6.8CVSS7.7AI score0.05728EPSS
CVE
CVE
added 2008/09/03 7:0 p.m.52 views

CVE-2008-1739

Apple QuickTime before 7.4.5 is affected by CVE-2008-1739. The flaw allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, triggering memory corruption. Affected component: QuickTime parsing of ftyp atoms in MP4/MOV...

6.8CVSS7.5AI score0.0186EPSS
CVE
CVE
added 2009/06/02 6:0 p.m.52 views

CVE-2009-0188

CVE-2009-0188 concerns Apple QuickTime before 7.6.2, where a crafted Sorenson 3 video file can cause memory corruption, leading to arbitrary code execution or an application crash. The vulnerability is part of a set of QuickTime parsing flaws (including how it handles Sorenson Video 3 content and...

9.3CVSS7.8AI score0.0486EPSS
CVE
CVE
added 2006/01/11 6:0 p.m.51 views

CVE-2005-3709

Apple QuickTime Player before 7.0.4 is affected by an integer underflow in the Color Map Entry Size when parsing TGA images, potentially allowing a remote attacker to cause a crash or execute arbitrary code. Fortinet/Apple advisories confirm the issue is triggered by specially crafted TGA files a...

7.5CVSS7.4AI score0.03991EPSS
CVE
CVE
added 2006/05/12 8:0 p.m.51 views

CVE-2006-1462

CVE-2006-1462 concerns multiple integer overflows in Apple QuickTime prior to 7.1 that allow remote code execution via crafted QuickTime H.264 (M4V) files. Affected platforms include QuickTime on Mac OS X and Windows versions before 7.1. The NVD entry reports a base score of 5.1 (Medium) with net...

5.1CVSS7.2AI score0.04417EPSS
CVE
CVE
added 2008/04/04 5:0 p.m.51 views

CVE-2008-1014

Apple QuickTime before 7.4.5 is affected by CVE-2008-1014 where specially crafted movies can trigger handling of external URLs, allowing remote attackers to obtain sensitive information. The vulnerability is tied to QuickTime’s processing of external URLs in movies, leading to information disclos...

4.3CVSS5.8AI score0.02337EPSS
CVE
CVE
added 2008/09/10 4:0 p.m.51 views

CVE-2008-3629

CVE-2008-3629 affects Apple QuickTime before 7.5.5. The vulnerability is in the handling of PICT images, causing an out-of-bounds read and a denial of service (application crash). Affected software: QuickTime (older than 7.5.5). Impact: DoS; no evidence of remote code execution in the provided do...

4.3CVSS6AI score0.01769EPSS
CVE
CVE
added 2011/10/28 1:0 a.m.51 views

CVE-2011-3247

Apple QuickTime for Windows with versions before 7.7.1 is affected by an integer overflow in PICT file handling that can cause a heap buffer overflow, enabling remote code execution or a denial of service when processing crafted files. The vulnerability specifically involves PnPixPat PatType 3 pa...

9.3CVSS9.1AI score0.03682EPSS
CVE
CVE
added 2007/07/15 9:0 p.m.50 views

CVE-2007-2397

CVE-2007-2397 affects QuickTime for Java in Apple QuickTime prior to 7.2. The vulnerability arises because QuickTime for Java does not properly enforce permissions, allowing remote attackers to disable security controls and execute arbitrary code via crafted Java applets. Connected sources confir...

9.3CVSS7.3AI score0.06876EPSS
CVE
CVE
added 2007/07/15 9:0 p.m.49 views

CVE-2007-2392

CVE-2007-2392 : Apple QuickTime before 7.2 on Mac OS X 10.3.9/10.4.9 is affected by a memory corruption vulnerability triggered by a crafted movie file, allowing user‑assisted remote code execution. The issue is documented across multiple sources (NVD entry and CERT notes). Affected product is Qu...

9.3CVSS7.2AI score0.0606EPSS
CVE
CVE
added 2007/07/15 9:0 p.m.49 views

CVE-2007-2393

CVE-2007-2393 affects Apple QuickTime, specifically the QuickTime for Java component, prior to version 7.2. The vulnerability arises from a design flaw in the Java handling that allows remote attackers to bypass security controls and write to process memory via Java applets, potentially enabling ...

9.3CVSS7.3AI score0.06857EPSS
CVE
CVE
added 2007/11/07 8:0 p.m.49 views

CVE-2007-4672

Apple QuickTime before 7.3 contains a stack-based buffer overflow in processing PICT images due to an invalid UncompressedQuickTimeData opcode length, allowing remote code execution. Public sources (e.g., SAINT advisories and NVD entry) note the vulnerability exists and recommend upgrading to Qui...

7.6CVSS7.6AI score0.08053EPSS
CVE
CVE
added 2008/01/16 2:0 a.m.49 views

CVE-2008-0036

CVE-2008-0036 : Buffer overflow in Apple QuickTime prior to 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, triggering during decoding. Affected software: Apple QuickTime before 7.4. Root cause: overflow during decoding of the crafted PICT data. Impact i...

6.8CVSS7.5AI score0.04614EPSS
CVE
CVE
added 2008/04/04 5:0 p.m.49 views

CVE-2008-1023

CVE-2008-1023 affects Apple QuickTime on Windows prior to 7.4.5. It is a heap-based buffer overflow in Clip opcode parsing triggered by a crafted PICT image file, enabling remote code execution. Remediation mentioned is upgrading to QuickTime 7.4.5 or applying the vendor patch (HT1241). The provi...

6.8CVSS7.6AI score0.04652EPSS
CVE
CVE
added 2008/09/10 4:0 p.m.49 views

CVE-2008-3635

Apple QuickTime CVE-2008-3635 is a stack-based buffer overflow in QuickTimeInternetExtras.qtx when parsing Indeo v3.2 (IV32) in QuickTime on Windows prior to 7.5.5. The flaw arises from missing bounds checking in the IV32 codec parsing, allowing remote code execution or a crash via a crafted movi...

9.3CVSS7.9AI score0.06149EPSS
CVE
CVE
added 2008/01/16 2:0 a.m.48 views

CVE-2008-0033

Summary: CVE-2008-0033 affects Apple QuickTime prior to 7.4. The vulnerability resides in parsing of Image Descriptor (IDSC) atoms within QTIF image files, where specifying a malicious atom size can trigger an under- or mis-allocated heap condition, resulting in memory corruption. This can lead t...

9.3CVSS7.3AI score0.05419EPSS
CVE
CVE
added 2008/04/04 5:0 p.m.48 views

CVE-2008-1020

CVE-2008-1020 describes a heap-based buffer overflow in QuickTime’s quicktime.qts component when parsing Kodak-encoded PICT images, leading to arbitrary code execution under the user’s context. The vulnerability affects Apple QuickTime prior to 7.4.5 on Windows; the exploit requires opening a cra...

6.8CVSS7.6AI score0.06947EPSS
CVE
CVE
added 2008/04/04 5:0 p.m.47 views

CVE-2008-1015

CVE-2008-1015 describes a buffer overflow in the data reference atom handling of Apple QuickTime prior to version 7.4.5 . The issue allows an attacker to cause the player to terminate or execute arbitrary code when a user opens a specially crafted movie file, i.e., remote code execution is possib...

6.8CVSS7.4AI score0.0575EPSS
CVE
CVE
added 2008/04/29 11:0 p.m.46 views

CVE-2008-2010

CVE-2008-2010 is tied to Apple QuickTime Player vulnerabilities. Connected OpenVAS data show two concrete items: (1) a buffer overflow in QuickTime Player 7.3.1.70 and other versions before 7.4.1 when RTSP tunneling is enabled, allowing remote code execution via a long Reason-Phrase in an RTSP re...

9.3CVSS7.3AI score0.03368EPSS
CVE
CVE
added 2011/08/04 1:0 a.m.46 views

CVE-2011-0247

CVE-2011-0247 relates to multiple stack-based buffer overflows in Apple QuickTime on Windows, caused by improper bounds checking while parsing H.264 movie data. Exploitation allows remote arbitrary code execution or a crash (denial of service). Affected product is Apple QuickTime (Windows), with ...

9.3CVSS7.7AI score0.04982EPSS
CVE
CVE
added 2007/03/05 10:0 p.m.45 views

CVE-2007-0711

Apple QuickTime on Windows is affected by an integer overflow when processing 3GP video files in versions before 7.1.5, enabling remote user-assisted attackers to crash the application or possibly execute arbitrary code via a crafted file. The issue is associated with QuickTime 3GP handling and h...

9.3CVSS7.5AI score0.05856EPSS
CVE
CVE
added 2008/01/16 1:0 a.m.42 views

CVE-2008-0031

CVE-2008-0031 affects Apple QuickTime before 7.4. A crafted Sorenson 3 video file can trigger memory corruption, enabling remote denial of service and arbitrary code execution. Impact is via parsing the video stream; exploitation details are described in the connected sources. remediation: upgrad...

5.8CVSS7.4AI score0.03026EPSS
Total number of security vulnerabilities246