Quicktime
by Apple Inc.
CVEs (288)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3628 | 0.00 | — | 0.04 | Sep 11, 2008 | Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue." | |||
| CVE-2008-3626 | 0.00 | — | 0.05 | Sep 11, 2008 | The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application… | |||
| CVE-2008-3624 | 0.00 | — | 0.03 | Sep 11, 2008 | Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. | |||
| CVE-2008-3615 | 0.00 | — | 0.04 | Sep 11, 2008 | ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted… | |||
| CVE-2008-3614 | 0.00 | — | 0.04 | Sep 11, 2008 | Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. | |||
| CVE-2008-1739 | 0.00 | — | 0.02 | Sep 3, 2008 | Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. | |||
| CVE-2008-1582 | 0.00 | — | 0.04 | Jun 10, 2008 | Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. | |||
| CVE-2008-1583 | 0.00 | — | 0.04 | Jun 10, 2008 | Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. | |||
| CVE-2008-1585 | 0.00 | — | 0.04 | Jun 10, 2008 | Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally… | |||
| CVE-2008-1584 | 0.00 | — | 0.06 | Jun 10, 2008 | Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. | |||
| CVE-2008-1581 | 0.00 | — | 0.05 | Jun 10, 2008 | Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. | |||
| CVE-2008-2010 | 0.00 | — | 0.03 | Apr 30, 2008 | Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However,… | |||
| CVE-2008-1018 | 0.00 | — | 0.06 | Apr 4, 2008 | Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. | |||
| CVE-2008-1014 | 0.00 | — | 0.02 | Apr 4, 2008 | Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||
| CVE-2008-1023 | 0.00 | — | 0.05 | Apr 4, 2008 | Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. | |||
| CVE-2008-1016 | 0.00 | — | 0.04 | Apr 4, 2008 | Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. | |||
| CVE-2008-1015 | 0.00 | — | 0.06 | Apr 4, 2008 | Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | |||
| CVE-2008-1013 | 0.00 | — | 0.04 | Apr 4, 2008 | Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. | |||
| CVE-2008-0036 | 0.00 | — | 0.05 | Jan 16, 2008 | Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. | |||
| CVE-2008-0032 | 0.00 | — | 0.04 | Jan 16, 2008 | Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. |
- CVE-2008-3628Sep 11, 2008risk 0.00cvss —epss 0.04
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."
- CVE-2008-3626Sep 11, 2008risk 0.00cvss —epss 0.05
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
- CVE-2008-3624Sep 11, 2008risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
- CVE-2008-3615Sep 11, 2008risk 0.00cvss —epss 0.04
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…
- CVE-2008-3614Sep 11, 2008risk 0.00cvss —epss 0.04
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
- CVE-2008-1739Sep 3, 2008risk 0.00cvss —epss 0.02
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.
- CVE-2008-1582Jun 10, 2008risk 0.00cvss —epss 0.04
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.
- CVE-2008-1583Jun 10, 2008risk 0.00cvss —epss 0.04
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.
- CVE-2008-1585Jun 10, 2008risk 0.00cvss —epss 0.04
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally…
- CVE-2008-1584Jun 10, 2008risk 0.00cvss —epss 0.06
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.
- CVE-2008-1581Jun 10, 2008risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
- CVE-2008-2010Apr 30, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However,…
- CVE-2008-1018Apr 4, 2008risk 0.00cvss —epss 0.06
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.
- CVE-2008-1014Apr 4, 2008risk 0.00cvss —epss 0.02
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
- CVE-2008-1023Apr 4, 2008risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
- CVE-2008-1016Apr 4, 2008risk 0.00cvss —epss 0.04
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
- CVE-2008-1015Apr 4, 2008risk 0.00cvss —epss 0.06
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
- CVE-2008-1013Apr 4, 2008risk 0.00cvss —epss 0.04
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
- CVE-2008-0036Jan 16, 2008risk 0.00cvss —epss 0.05
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
- CVE-2008-0032Jan 16, 2008risk 0.00cvss —epss 0.04
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
Page 12 of 15