VYPR

Quicktime

by Apple Inc.

CVEs (288)

  • CVE-2008-3628Sep 11, 2008
    risk 0.00cvss epss 0.04

    Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."

  • CVE-2008-3626Sep 11, 2008
    risk 0.00cvss epss 0.05

    The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2008-3624Sep 11, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.

  • CVE-2008-3615Sep 11, 2008
    risk 0.00cvss epss 0.04

    ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…

  • CVE-2008-3614Sep 11, 2008
    risk 0.00cvss epss 0.04

    Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.

  • CVE-2008-1739Sep 3, 2008
    risk 0.00cvss epss 0.02

    Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.

  • CVE-2008-1582Jun 10, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.

  • CVE-2008-1583Jun 10, 2008
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.

  • CVE-2008-1585Jun 10, 2008
    risk 0.00cvss epss 0.04

    Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally…

  • CVE-2008-1584Jun 10, 2008
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.

  • CVE-2008-1581Jun 10, 2008
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.

  • CVE-2008-2010Apr 30, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However,…

  • CVE-2008-1018Apr 4, 2008
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.

  • CVE-2008-1014Apr 4, 2008
    risk 0.00cvss epss 0.02

    Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.

  • CVE-2008-1023Apr 4, 2008
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.

  • CVE-2008-1016Apr 4, 2008
    risk 0.00cvss epss 0.04

    Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.

  • CVE-2008-1015Apr 4, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.

  • CVE-2008-1013Apr 4, 2008
    risk 0.00cvss epss 0.04

    Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.

  • CVE-2008-0036Jan 16, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.

  • CVE-2008-0032Jan 16, 2008
    risk 0.00cvss epss 0.04

    Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.

Page 12 of 15