VYPR

Quicktime

by Apple Inc.

CVEs (288)

  • CVE-2008-0033Jan 16, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.

  • CVE-2008-0031Jan 16, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.

  • CVE-2007-4707Dec 15, 2007
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.

  • CVE-2007-4706Dec 15, 2007
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.

  • CVE-2007-6238Dec 4, 2007
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability…

  • CVE-2007-4674Nov 27, 2007
    risk 0.00cvss epss 0.04

    An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.

  • CVE-2007-4673Oct 4, 2007
    risk 0.00cvss epss 0.02

    Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.

  • CVE-2007-5045Sep 24, 2007
    risk 0.00cvss epss 0.03

    Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext…

  • CVE-2007-2392Jul 15, 2007
    risk 0.00cvss epss 0.06

    Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.

  • CVE-2007-2402Jul 15, 2007
    risk 0.00cvss epss 0.03

    QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.

  • CVE-2007-2389May 29, 2007
    risk 0.00cvss epss 0.03

    Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.

  • CVE-2007-2388May 29, 2007
    risk 0.00cvss epss 0.06

    Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to…

  • CVE-2007-0754May 14, 2007
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.

  • CVE-2007-2296Apr 26, 2007
    risk 0.00cvss epss 0.06

    Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.

  • CVE-2007-0716Mar 5, 2007
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

  • CVE-2007-0718Mar 5, 2007
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory…

  • CVE-2007-0711Mar 5, 2007
    risk 0.00cvss epss 0.06

    Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.

  • CVE-2007-0715Mar 5, 2007
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.

  • CVE-2007-0713Mar 5, 2007
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.

  • CVE-2007-0717Mar 5, 2007
    risk 0.00cvss epss 0.05

    Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.