Quicktime
by Apple Inc.
CVEs (288)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0588 | 0.00 | — | 0.06 | Jan 30, 2007 | The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that… | |||
| CVE-2006-4386 | 0.00 | — | 0.06 | Sep 12, 2006 | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. | |||
| CVE-2006-4381 | 0.00 | — | 0.04 | Sep 12, 2006 | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. | |||
| CVE-2006-4388 | 0.00 | — | 0.06 | Sep 12, 2006 | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. | |||
| CVE-2006-1462 | 0.00 | — | 0.04 | May 12, 2006 | Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file. | |||
| CVE-2006-1461 | 0.00 | — | 0.05 | May 12, 2006 | Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file. | |||
| CVE-2006-1465 | 0.00 | — | 0.05 | May 12, 2006 | Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file. | |||
| CVE-2006-1458 | 0.00 | — | 0.04 | May 12, 2006 | Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. | |||
| CVE-2006-1460 | 0.00 | — | 0.06 | May 12, 2006 | Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom. | |||
| CVE-2006-1459 | 0.00 | — | 0.04 | May 12, 2006 | Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). | |||
| CVE-2006-1249 | 0.00 | — | 0.06 | Mar 19, 2006 | Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | |||
| CVE-2005-3711 | 0.00 | — | 0.04 | Dec 31, 2005 | Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values. | |||
| CVE-2005-3708 | 0.00 | — | 0.03 | Dec 31, 2005 | Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | |||
| CVE-2005-3709 | 0.00 | — | 0.04 | Dec 31, 2005 | Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file. | |||
| CVE-2005-2753 | 0.00 | — | 0.02 | Nov 5, 2005 | Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string. | |||
| CVE-2005-2756 | 0.00 | — | 0.04 | Nov 5, 2005 | Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion. | |||
| CVE-2005-2755 | 0.00 | — | 0.02 | Nov 5, 2005 | Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference. | |||
| CVE-2005-2754 | 0.00 | — | 0.02 | Nov 5, 2005 | Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes." | |||
| CVE-2005-2743 | 0.00 | — | 0.05 | Oct 26, 2005 | The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code. | |||
| CVE-2005-1579 | 0.00 | — | 0.02 | May 12, 2005 | Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker. |
- CVE-2007-0588Jan 30, 2007risk 0.00cvss —epss 0.06
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that…
- CVE-2006-4386Sep 12, 2006risk 0.00cvss —epss 0.06
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
- CVE-2006-4381Sep 12, 2006risk 0.00cvss —epss 0.04
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
- CVE-2006-4388Sep 12, 2006risk 0.00cvss —epss 0.06
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
- CVE-2006-1462May 12, 2006risk 0.00cvss —epss 0.04
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file.
- CVE-2006-1461May 12, 2006risk 0.00cvss —epss 0.05
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file.
- CVE-2006-1465May 12, 2006risk 0.00cvss —epss 0.05
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file.
- CVE-2006-1458May 12, 2006risk 0.00cvss —epss 0.04
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.
- CVE-2006-1460May 12, 2006risk 0.00cvss —epss 0.06
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.
- CVE-2006-1459May 12, 2006risk 0.00cvss —epss 0.04
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV).
- CVE-2006-1249Mar 19, 2006risk 0.00cvss —epss 0.06
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
- CVE-2005-3711Dec 31, 2005risk 0.00cvss —epss 0.04
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
- CVE-2005-3708Dec 31, 2005risk 0.00cvss —epss 0.03
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
- CVE-2005-3709Dec 31, 2005risk 0.00cvss —epss 0.04
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.
- CVE-2005-2753Nov 5, 2005risk 0.00cvss —epss 0.02
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
- CVE-2005-2756Nov 5, 2005risk 0.00cvss —epss 0.04
Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
- CVE-2005-2755Nov 5, 2005risk 0.00cvss —epss 0.02
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
- CVE-2005-2754Nov 5, 2005risk 0.00cvss —epss 0.02
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
- CVE-2005-2743Oct 26, 2005risk 0.00cvss —epss 0.05
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
- CVE-2005-1579May 12, 2005risk 0.00cvss —epss 0.02
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
Page 14 of 15