246 matches found
CVE-2008-4116
CVE-2008-4116 concerns Apple QuickTime 7.5.5 and iTunes 8.0. The vulnerability is a heap-based buffer overflow triggered by a long type attribute in a QuickTime tag (on a web page or embedded in .mp4/.mov), related to an off-by-one error and potentially associated with Check_stack_cookie. Consequ...
CVE-2009-0954
Apple QuickTime for Windows is affected by CVE-2009-0954 due to a heap-based buffer overflow when parsing Clipping Region (CRGN) atoms in QuickTime movie files. The issue allows remote code execution or denial of service via a crafted movie file, with the root cause being improper bounds checks d...
CVE-2011-0245
Apple QuickTime prior to version 7.7 is affected by a buffer overflow in the handling of pict files, allowing remote code execution or denial of service. Affected component: QuickTime (Windows/Mac). Root cause: buffer overflow when parsing pict data. Impact: arbitrary code execution or applicatio...
CVE-2006-1463
Apple QuickTime before 7.1 is affected by a heap-based buffer overflow in the H.264 (M4V) parsing path. The vulnerability arises from a memory copy loop that trusts a user-supplied size value, enabling remote code execution when a malformed video file is opened or embedded. The issue is documente...
CVE-2006-4388
Apple QuickTime (Mac and Windows) contains an integer overflow in FlashPix (FPX) format handling, listed as CVE-2006-4388, enabling user-assisted remote code execution via a crafted FPX file. Public advisories (GLSA 200803-08, etc.) group these with other QuickTime format issues and note that App...
CVE-2007-0059
CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3 . A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user‑assisted execution and the ability to list files...
CVE-2007-0712
Apple QuickTime (Windows/macOS) before 7.1.5 is affected by a heap-based buffer overflow when processing MIDI files, allowing remote, user-assisted attackers to cause a denial of service and possibly execute arbitrary code. The issue is triggered by crafted MIDI data and is documented as CVE-2007...
CVE-2007-2396
CVE-2007-2396 concerns the JDirect support in QuickTime for Java within Apple QuickTime prior to version 7.2. The vulnerability arises because JDirect exposes dangerous interfaces that can be abused by remote attackers via crafted Java applets to achieve arbitrary code execution. Some sources exp...
CVE-2007-4706
Apple QuickTime prior to version 7.3.1 is affected by a heap-based buffer overflow in the QTL file parsing that can allow a remote attacker to execute arbitrary code. This vulnerability affects QuickTime on multiple platforms referenced in CVE-2007-4706, with an impact described as potential remo...
CVE-2008-1582
Apple QuickTime before 7.5 contains a memory corruption vulnerability in handling AAC-encoded media, allowing remote attackers to crash the player and potentially execute arbitrary code by opening a crafted AAC file. This CVE (CVE-2008-1582) is part of a set of related issues affecting QuickTime
CVE-2008-3625
Apple QuickTime before 7.5.5 is affected by a stack-based buffer overflow in the PDAT atom of QuickTime VR (QTVR) files, triggered by crafted panorama track elements (maxTilt, minFieldOfView, maxFieldOfView). Exploitation can lead to remote code execution or a denial of service. Remediation: upgr...
CVE-2009-0004
Apple QuickTime prior to 7.6 is affected by multiple CVEs including CVE-2009-0004, where a buffer overflow in QuickTime’s handling of MPEG-2/MP3 content can cause application termination or arbitrary code execution. The OpenVAS/Nessus entries reference Windows and Mac OS X variants of QuickTime
CVE-2009-0956
Apple QuickTime before 7.6.2 contains an uninitialized memory access in handling movie files, allowing remote code execution or a crash via a movie containing a user data atom of size zero. The CVE-2009-0956 entry is part of a set of related QuickTime vulnerabilities; remediation is to apply the ...
CVE-2012-0265
CVE-2012-0265 is a stack-based buffer overflow in Apple QuickTime prior to 7.7.2 on Windows, exploitable via a crafted file pathname to execute arbitrary code or cause a crash. Public references confirm multiple CVEs around QuickTime 7.7.2 vulnerabilities and list CVE-2012-0265 among them. The Op...
CVE-2013-1015
Apple QuickTime TeXML memory corruption vulnerability (CVE-2013-1015) exists due to insufficient validation of coordinates in textBox/defaultTextBox within TeXML files. A remote attacker could trigger memory corruption, enabling arbitrary code execution or crash. Public reports (ZDI-13-112) descr...
CVE-2013-1016
CVE-2013-1016: Apple QuickTime before 7.7.4 contains a buffer overflow in the H.263 parsing path that can lead to remote code execution or a denial of service when processing crafted movie files. ZDI and multiple advisories describe this as a remote-code-execution vulnerability in QuickTime’s han...
CVE-2004-0988
CVE-2004-0988 affects Apple QuickTime prior to 6.5.2 on Windows. The issue is an integer overflow in QuickTime components that can trigger a large memory operation, leading to memory consumption and a potential denial of service. Multiple sources (NVD, Red Hat, CVE, CVE List) describe the same ro...
CVE-2005-3710
Summary: CVE-2005-3710 is an Apple QuickTime TIFF handling vulnerability. A crafted TIFF image with modified ImageWidth triggers an integer overflow in QuickTime before version 7.0.4, which could allow remote code execution or a denial of service on affected systems (Mac OS X and Windows). Severa...
CVE-2006-1459
CVE-2006-1459 refers to multiple integer overflows in Apple QuickTime before 7.1 that allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). The vulnerability affects QuickTime on Mac OS X and Windows prior to 7.1; exploitation involves...
CVE-2007-0754
Apple QuickTime before 7.1.3 is affected by a heap-based buffer overflow in the STSD atom size parsing, allowing user-assisted remote code execution via a crafted QuickTime movie. The issue is tied to the STSD parsing path in QuickTime; vendor patch available in QuickTime 7.1.3. If not upgrading,...
CVE-2008-1739
Apple QuickTime before 7.4.5 is affected by CVE-2008-1739. The flaw allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, triggering memory corruption. Affected component: QuickTime parsing of ftyp atoms in MP4/MOV...
CVE-2009-0003
Apple QuickTime prior to 7.6 contains a heap-based buffer overflow in processing AVI headers, specifically when the nBlockAlign value in the _WAVEFORMATEX structure is malformed. Consequences cited include possible DoS (application termination) and arbitrary code execution. CVE-2009-0003 is corro...
CVE-2009-0953
CVE-2009-0953 affects Apple QuickTime prior to 7.6.2, where handling of PICT images can cause a heap-based buffer overflow, enabling remote code execution or a denial of service. Affected products are QuickTime on Windows and Mac OS X as part of the QuickTime suite. The vulnerability stems from p...
CVE-2002-0376
Technical details about CVE-2002-0376 are not publicly provided in the supplied documents. Monitor for updates for affected products, vulnerable components and fixes; no concrete exploit vectors or mitigations are described here.
CVE-2006-2238
CVE-2006-2238 describes a heap-based buffer overflow in Apple QuickTime before 7.1 triggered by a crafted BMP file that overflows in the ReadBMP function, allowing remote code execution. The vulnerability affects QuickTime’s BMP handling across multiple products; exploitation details and affected...
CVE-2008-1584
Apple QuickTime before 7.5 is affected by a stack-based buffer overflow in Indeo.qtx when parsing Indeo video content, allowing remote attackers to crash the player or execute arbitrary code via crafted movie files. The vulnerability stems from inadequate bounds checking in Indeo.qtx. Affected pr...
CVE-2009-0188
CVE-2009-0188 concerns Apple QuickTime before 7.6.2, where a crafted Sorenson 3 video file can cause memory corruption, leading to arbitrary code execution or an application crash. The vulnerability is part of a set of QuickTime parsing flaws (including how it handles Sorenson Video 3 content and...
CVE-2005-3709
Apple QuickTime Player before 7.0.4 is affected by an integer underflow in the Color Map Entry Size when parsing TGA images, potentially allowing a remote attacker to cause a crash or execute arbitrary code. Fortinet/Apple advisories confirm the issue is triggered by specially crafted TGA files a...
CVE-2006-1462
CVE-2006-1462 concerns multiple integer overflows in Apple QuickTime prior to 7.1 that allow remote code execution via crafted QuickTime H.264 (M4V) files. Affected platforms include QuickTime on Mac OS X and Windows versions before 7.1. The NVD entry reports a base score of 5.1 (Medium) with net...
CVE-2007-2397
CVE-2007-2397 affects QuickTime for Java in Apple QuickTime prior to 7.2. The vulnerability arises because QuickTime for Java does not properly enforce permissions, allowing remote attackers to disable security controls and execute arbitrary code via crafted Java applets. Connected sources confir...
CVE-2008-1014
Apple QuickTime before 7.4.5 is affected by CVE-2008-1014 where specially crafted movies can trigger handling of external URLs, allowing remote attackers to obtain sensitive information. The vulnerability is tied to QuickTime’s processing of external URLs in movies, leading to information disclos...
CVE-2008-3629
CVE-2008-3629 affects Apple QuickTime before 7.5.5. The vulnerability is in the handling of PICT images, causing an out-of-bounds read and a denial of service (application crash). Affected software: QuickTime (older than 7.5.5). Impact: DoS; no evidence of remote code execution in the provided do...
CVE-2011-3247
Apple QuickTime for Windows with versions before 7.7.1 is affected by an integer overflow in PICT file handling that can cause a heap buffer overflow, enabling remote code execution or a denial of service when processing crafted files. The vulnerability specifically involves PnPixPat PatType 3 pa...
CVE-2007-2392
CVE-2007-2392 : Apple QuickTime before 7.2 on Mac OS X 10.3.9/10.4.9 is affected by a memory corruption vulnerability triggered by a crafted movie file, allowing user‑assisted remote code execution. The issue is documented across multiple sources (NVD entry and CERT notes). Affected product is Qu...
CVE-2007-2393
CVE-2007-2393 affects Apple QuickTime, specifically the QuickTime for Java component, prior to version 7.2. The vulnerability arises from a design flaw in the Java handling that allows remote attackers to bypass security controls and write to process memory via Java applets, potentially enabling ...
CVE-2007-4672
Apple QuickTime before 7.3 contains a stack-based buffer overflow in processing PICT images due to an invalid UncompressedQuickTimeData opcode length, allowing remote code execution. Public sources (e.g., SAINT advisories and NVD entry) note the vulnerability exists and recommend upgrading to Qui...
CVE-2008-0036
CVE-2008-0036 : Buffer overflow in Apple QuickTime prior to 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, triggering during decoding. Affected software: Apple QuickTime before 7.4. Root cause: overflow during decoding of the crafted PICT data. Impact i...
CVE-2008-1023
CVE-2008-1023 affects Apple QuickTime on Windows prior to 7.4.5. It is a heap-based buffer overflow in Clip opcode parsing triggered by a crafted PICT image file, enabling remote code execution. Remediation mentioned is upgrading to QuickTime 7.4.5 or applying the vendor patch (HT1241). The provi...
CVE-2008-3635
Apple QuickTime CVE-2008-3635 is a stack-based buffer overflow in QuickTimeInternetExtras.qtx when parsing Indeo v3.2 (IV32) in QuickTime on Windows prior to 7.5.5. The flaw arises from missing bounds checking in the IV32 codec parsing, allowing remote code execution or a crash via a crafted movi...
CVE-2008-0033
Summary: CVE-2008-0033 affects Apple QuickTime prior to 7.4. The vulnerability resides in parsing of Image Descriptor (IDSC) atoms within QTIF image files, where specifying a malicious atom size can trigger an under- or mis-allocated heap condition, resulting in memory corruption. This can lead t...
CVE-2008-1020
CVE-2008-1020 describes a heap-based buffer overflow in QuickTime’s quicktime.qts component when parsing Kodak-encoded PICT images, leading to arbitrary code execution under the user’s context. The vulnerability affects Apple QuickTime prior to 7.4.5 on Windows; the exploit requires opening a cra...
CVE-2008-1015
CVE-2008-1015 describes a buffer overflow in the data reference atom handling of Apple QuickTime prior to version 7.4.5 . The issue allows an attacker to cause the player to terminate or execute arbitrary code when a user opens a specially crafted movie file, i.e., remote code execution is possib...
CVE-2007-0711
Apple QuickTime on Windows is affected by an integer overflow when processing 3GP video files in versions before 7.1.5, enabling remote user-assisted attackers to crash the application or possibly execute arbitrary code via a crafted file. The issue is associated with QuickTime 3GP handling and h...
CVE-2008-2010
CVE-2008-2010 is tied to Apple QuickTime Player vulnerabilities. Connected OpenVAS data show two concrete items: (1) a buffer overflow in QuickTime Player 7.3.1.70 and other versions before 7.4.1 when RTSP tunneling is enabled, allowing remote code execution via a long Reason-Phrase in an RTSP re...
CVE-2011-0247
CVE-2011-0247 relates to multiple stack-based buffer overflows in Apple QuickTime on Windows, caused by improper bounds checking while parsing H.264 movie data. Exploitation allows remote arbitrary code execution or a crash (denial of service). Affected product is Apple QuickTime (Windows), with ...
CVE-2008-0031
CVE-2008-0031 affects Apple QuickTime before 7.4. A crafted Sorenson 3 video file can trigger memory corruption, enabling remote denial of service and arbitrary code execution. Impact is via parsing the video stream; exploitation details are described in the connected sources. remediation: upgrad...