Quicktime
by Apple Inc.
CVEs (288)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3625 | 0.01 | — | 0.07 | Sep 11, 2008 | Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView… | |||
| CVE-2008-1019 | 0.01 | — | 0.07 | Apr 4, 2008 | Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. | |||
| CVE-2008-1021 | 0.01 | — | 0.07 | Apr 4, 2008 | Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding. | |||
| CVE-2008-1020 | 0.01 | — | 0.07 | Apr 4, 2008 | Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages. | |||
| CVE-2008-1022 | 0.01 | — | 0.07 | Apr 4, 2008 | Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size. | |||
| CVE-2008-1017 | 0.01 | — | 0.07 | Apr 4, 2008 | Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | |||
| CVE-2007-4672 | 0.01 | — | 0.08 | Nov 7, 2007 | Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. | |||
| CVE-2007-3750 | 0.01 | — | 0.06 | Nov 7, 2007 | Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file. | |||
| CVE-2007-2395 | 0.01 | — | 0.07 | Nov 7, 2007 | Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption." | |||
| CVE-2007-2396 | 0.01 | — | 0.07 | Jul 15, 2007 | The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. | |||
| CVE-2007-2397 | 0.01 | — | 0.07 | Jul 15, 2007 | QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. | |||
| CVE-2007-2393 | 0.01 | — | 0.07 | Jul 15, 2007 | The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | |||
| CVE-2007-2295 | 0.01 | — | 0.07 | Apr 26, 2007 | Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file. | |||
| CVE-2007-0714 | 0.01 | — | 0.08 | Mar 5, 2007 | Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. | |||
| CVE-2007-0712 | 0.01 | — | 0.07 | Mar 5, 2007 | Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. | |||
| CVE-2006-4385 | 0.01 | — | 0.06 | Sep 12, 2006 | Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. | |||
| CVE-2006-4389 | 0.01 | — | 0.07 | Sep 12, 2006 | Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. | |||
| CVE-2006-4382 | 0.01 | — | 0.07 | Sep 12, 2006 | Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. | |||
| CVE-2006-2238 | 0.01 | — | 0.07 | May 12, 2006 | Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a… | |||
| CVE-2006-1463 | 0.01 | — | 0.07 | May 12, 2006 | Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value. |
- CVE-2008-3625Sep 11, 2008risk 0.01cvss —epss 0.07
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView…
- CVE-2008-1019Apr 4, 2008risk 0.01cvss —epss 0.07
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.
- CVE-2008-1021Apr 4, 2008risk 0.01cvss —epss 0.07
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.
- CVE-2008-1020Apr 4, 2008risk 0.01cvss —epss 0.07
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.
- CVE-2008-1022Apr 4, 2008risk 0.01cvss —epss 0.07
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.
- CVE-2008-1017Apr 4, 2008risk 0.01cvss —epss 0.07
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
- CVE-2007-4672Nov 7, 2007risk 0.01cvss —epss 0.08
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.
- CVE-2007-3750Nov 7, 2007risk 0.01cvss —epss 0.06
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
- CVE-2007-2395Nov 7, 2007risk 0.01cvss —epss 0.07
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
- CVE-2007-2396Jul 15, 2007risk 0.01cvss —epss 0.07
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
- CVE-2007-2397Jul 15, 2007risk 0.01cvss —epss 0.07
QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.
- CVE-2007-2393Jul 15, 2007risk 0.01cvss —epss 0.07
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
- CVE-2007-2295Apr 26, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.
- CVE-2007-0714Mar 5, 2007risk 0.01cvss —epss 0.08
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
- CVE-2007-0712Mar 5, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
- CVE-2006-4385Sep 12, 2006risk 0.01cvss —epss 0.06
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
- CVE-2006-4389Sep 12, 2006risk 0.01cvss —epss 0.07
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
- CVE-2006-4382Sep 12, 2006risk 0.01cvss —epss 0.07
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
- CVE-2006-2238May 12, 2006risk 0.01cvss —epss 0.07
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a…
- CVE-2006-1463May 12, 2006risk 0.01cvss —epss 0.07
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value.
Page 4 of 15