VYPR

Quicktime

by Apple Inc.

CVEs (288)

  • CVE-2015-7085MedJan 9, 2016
    risk 0.43cvss 6.6epss 0.01

    Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089,…

  • CVE-2007-2175Apr 24, 2007
    risk 0.10cvss epss 0.84

    Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory…

  • CVE-2011-0257Aug 15, 2011
    risk 0.08cvss epss 0.60

    Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.

  • CVE-2007-0015Jan 1, 2007
    risk 0.07cvss epss 0.48

    Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.

  • CVE-2013-1017May 24, 2013
    risk 0.06cvss epss 0.33

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.

  • CVE-2012-3753Nov 9, 2012
    risk 0.06cvss epss 0.35

    Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.

  • CVE-2012-3752Nov 9, 2012
    risk 0.06cvss epss 0.36

    Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.

  • CVE-2010-1818Aug 31, 2010
    risk 0.06cvss epss 0.43

    The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.

  • CVE-2010-1799Aug 16, 2010
    risk 0.06cvss epss 0.34

    Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

  • CVE-2007-6166Nov 29, 2007
    risk 0.06cvss epss 0.42

    Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

  • CVE-2012-0663May 16, 2012
    risk 0.05cvss epss 0.29

    Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.

  • CVE-2005-2340Dec 31, 2005
    risk 0.05cvss epss 0.26

    Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.

  • CVE-2012-3755Nov 9, 2012
    risk 0.04cvss epss 0.10

    Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.

  • CVE-2010-0520Mar 30, 2010
    risk 0.04cvss epss 0.19

    Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length…

  • CVE-2010-0519Mar 30, 2010
    risk 0.04cvss epss 0.09

    Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.

  • CVE-2009-0955Jun 2, 2009
    risk 0.04cvss epss 0.10

    Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."

  • CVE-2008-5406Dec 10, 2008
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."

  • CVE-2008-4116Sep 18, 2008
    risk 0.04cvss epss 0.12

    Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly…

  • CVE-2008-0778Feb 14, 2008
    risk 0.04cvss epss 0.09

    Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3)…

  • CVE-2008-0234Jan 11, 2008
    risk 0.04cvss epss 0.12

    Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.

Page 2 of 15