VYPR

iTunes

by Apple Inc.

CVEs (625)

  • CVE-2009-0950Jun 2, 2009
    risk 0.05cvss epss 0.29

    Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.

  • CVE-2018-4443Apr 3, 2019
    risk 0.04cvss epss 0.06

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

  • CVE-2018-4382Apr 3, 2019
    risk 0.04cvss epss 0.06

    Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

  • CVE-2012-0677Jun 12, 2012
    risk 0.04cvss epss 0.15

    Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

  • CVE-2009-2817Sep 24, 2009
    risk 0.04cvss epss 0.09

    Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.

  • CVE-2008-5406Dec 10, 2008
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."

  • CVE-2008-4116Sep 18, 2008
    risk 0.04cvss epss 0.12

    Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly…

  • CVE-2007-1008Feb 20, 2007
    risk 0.03cvss epss 0.02

    Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to…

  • CVE-2013-0992May 20, 2013
    risk 0.01cvss epss 0.09

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2011-0192Mar 3, 2011
    risk 0.01cvss epss 0.07

    Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF…

  • CVE-2011-0191Mar 3, 2011
    risk 0.01cvss epss 0.07

    Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG…

  • CVE-2010-4494Dec 7, 2010
    risk 0.01cvss epss 0.08

    Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

  • CVE-2010-1769Jun 18, 2010
    risk 0.01cvss epss 0.07

    WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…

  • CVE-2010-0040Mar 15, 2010
    risk 0.01cvss epss 0.06

    Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

  • CVE-2006-1467Jun 29, 2006
    risk 0.01cvss epss 0.07

    Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a…

  • CVE-2005-4092Dec 8, 2005
    risk 0.01cvss epss 0.09

    Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value,…

  • CVE-2024-44157Oct 11, 2024
    risk 0.00cvss epss 0.00

    A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.

  • CVE-2023-32351Jun 23, 2023
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges.

  • CVE-2023-32353Jun 23, 2023
    risk 0.00cvss epss 0.01

    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.

  • CVE-2022-26774May 26, 2022
    risk 0.00cvss epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

Page 8 of 32