VYPR

Quicktime

by Apple Inc.

CVEs (288)

  • CVE-2007-4676 (Nov 7, 2007)
    risk 0.04 | cvss | epss 0.47

    Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

  • CVE-2007-4677 (Nov 7, 2007)
    risk 0.04 | cvss | epss 0.47

    Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.

  • CVE-2007-2394 (Jul 15, 2007)
    risk 0.04 | cvss | epss 0.12

    Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.

  • CVE-2007-0462 (Jan 26, 2007)
    risk 0.04 | cvss | epss 0.07

    The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a…

  • CVE-2006-4965 (Sep 25, 2006)
    risk 0.04 | cvss | epss 0.12

    Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original…

  • CVE-2006-4384 (Sep 12, 2006)
    risk 0.04 | cvss | epss 0.15

    Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.

  • CVE-2002-0252 (May 29, 2002)
    risk 0.04 | cvss | epss 0.11

    Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.

  • CVE-2001-0198 (May 3, 2001)
    risk 0.04 | cvss | epss 0.06

    Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.

  • CVE-2007-4675 (Nov 7, 2007)
    risk 0.03 | cvss | epss 0.33

    Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama…

  • CVE-2007-0059 (Jan 5, 2007)
    risk 0.03 | cvss | epss 0.06

    Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which…

  • CVE-2007-3751 (Nov 7, 2007)
    risk 0.02 | cvss | epss 0.26

    Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.

  • CVE-2010-0529 (Mar 31, 2010)
    risk 0.01 | cvss | epss 0.12

    Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a…

  • CVE-2009-0951 (Jun 2, 2009)
    risk 0.01 | cvss | epss 0.07

    Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.

  • CVE-2009-0010 (May 13, 2009)
    risk 0.01 | cvss | epss 0.08

    Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a…

  • CVE-2009-0007 (Jan 21, 2009)
    risk 0.01 | cvss | epss 0.08

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.

  • CVE-2009-0006 (Jan 21, 2009)
    risk 0.01 | cvss | epss 0.08

    Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.

  • CVE-2009-0003 (Jan 21, 2009)
    risk 0.01 | cvss | epss 0.09

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.

  • CVE-2009-0002 (Jan 21, 2009)
    risk 0.01 | cvss | epss 0.08

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.

  • CVE-2009-0001 (Jan 21, 2009)
    risk 0.01 | cvss | epss 0.07

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.

  • CVE-2008-3627 (Sep 11, 2008)
    risk 0.01 | cvss | epss 0.09

    Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote…
