VYPR
Unrated severity · NVD Advisory · Published Jul 3, 2015 · Updated May 6, 2026

CVE-2015-3663

Description

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in QuickTime 7.7.6 and earlier allows remote code execution or denial of service via a crafted file.

Vulnerability

A memory corruption issue exists in the QT Media Foundation component of Apple QuickTime before version 7.7.7, as used in OS X before 10.10.4 and other products. The vulnerability can be triggered by processing a maliciously crafted file, leading to an unexpected application termination or arbitrary code execution [1][2].

Exploitation

The attacker must deliver a specially crafted file to the target user. No authentication or special network position is required beyond the ability to serve the file (e.g., via email, web download, or other means). User interaction is required, such as opening the malicious file with a vulnerable version of QuickTime [1][2].

Impact

Successful exploitation can result in arbitrary code execution in the context of the logged-on user, or a denial of service due to memory corruption. The attacker gains the ability to execute arbitrary commands, install programs, view/change/delete data, or create new accounts with full user rights [1][2].

Mitigation

Apple has released QuickTime 7.7.7 and OS X 10.10.4 to address this vulnerability. Users should update their software via the Software Update mechanism or from the Apple Support website. There is no publicly known workaround for users who cannot apply the patch [1][2].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:* (range: <=7.7.6)
    • (no CPE) (range: <7.7.7)
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <=10.10.3
  • Apple Inc./OS X (llm-fuzzy)
    Range: <10.10.4

Patches

0

No patches discovered yet.

References

6
