iTunes
by Apple Inc.
CVEs (625)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0950 | 0.05 | — | 0.29 | Jun 2, 2009 | Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon. | |||
| CVE-2018-4443 | 0.04 | — | 0.06 | Apr 3, 2019 | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | |||
| CVE-2018-4382 | 0.04 | — | 0.06 | Apr 3, 2019 | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | |||
| CVE-2012-0677 | 0.04 | — | 0.15 | Jun 12, 2012 | Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. | |||
| CVE-2009-2817 | 0.04 | — | 0.09 | Sep 24, 2009 | Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file. | |||
| CVE-2008-5406 | 0.04 | — | 0.10 | Dec 10, 2008 | Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | |||
| CVE-2008-4116 | 0.04 | — | 0.12 | Sep 18, 2008 | Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly… | |||
| CVE-2007-1008 | 0.03 | — | 0.02 | Feb 20, 2007 | Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to… | |||
| CVE-2013-0992 | 0.01 | — | 0.09 | May 20, 2013 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs… | |||
| CVE-2011-0192 | 0.01 | — | 0.07 | Mar 3, 2011 | Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF… | |||
| CVE-2011-0191 | 0.01 | — | 0.07 | Mar 3, 2011 | Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG… | |||
| CVE-2010-4494 | 0.01 | — | 0.08 | Dec 7, 2010 | Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||
| CVE-2010-1769 | 0.01 | — | 0.07 | Jun 18, 2010 | WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted… | |||
| CVE-2010-0040 | 0.01 | — | 0.06 | Mar 15, 2010 | Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. | |||
| CVE-2006-1467 | 0.01 | — | 0.07 | Jun 29, 2006 | Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a… | |||
| CVE-2005-4092 | 0.01 | — | 0.09 | Dec 8, 2005 | Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value,… | |||
| CVE-2024-44157 | 0.00 | — | 0.00 | Oct 11, 2024 | A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination. | |||
| CVE-2023-32351 | 0.00 | — | 0.00 | Jun 23, 2023 | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges. | |||
| CVE-2023-32353 | 0.00 | — | 0.01 | Jun 23, 2023 | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges. | |||
| CVE-2022-26774 | 0.00 | — | 0.00 | May 26, 2022 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. |
- CVE-2009-0950Jun 2, 2009risk 0.05cvss —epss 0.29
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
- CVE-2018-4443Apr 3, 2019risk 0.04cvss —epss 0.06
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
- CVE-2018-4382Apr 3, 2019risk 0.04cvss —epss 0.06
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
- CVE-2012-0677Jun 12, 2012risk 0.04cvss —epss 0.15
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
- CVE-2009-2817Sep 24, 2009risk 0.04cvss —epss 0.09
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
- CVE-2008-5406Dec 10, 2008risk 0.04cvss —epss 0.10
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
- CVE-2008-4116Sep 18, 2008risk 0.04cvss —epss 0.12
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly…
- CVE-2007-1008Feb 20, 2007risk 0.03cvss —epss 0.02
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to…
- CVE-2013-0992May 20, 2013risk 0.01cvss —epss 0.09
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…
- CVE-2011-0192Mar 3, 2011risk 0.01cvss —epss 0.07
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF…
- CVE-2011-0191Mar 3, 2011risk 0.01cvss —epss 0.07
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG…
- CVE-2010-4494Dec 7, 2010risk 0.01cvss —epss 0.08
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
- CVE-2010-1769Jun 18, 2010risk 0.01cvss —epss 0.07
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…
- CVE-2010-0040Mar 15, 2010risk 0.01cvss —epss 0.06
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
- CVE-2006-1467Jun 29, 2006risk 0.01cvss —epss 0.07
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a…
- CVE-2005-4092Dec 8, 2005risk 0.01cvss —epss 0.09
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value,…
- CVE-2024-44157Oct 11, 2024risk 0.00cvss —epss 0.00
A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.
- CVE-2023-32351Jun 23, 2023risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges.
- CVE-2023-32353Jun 23, 2023risk 0.00cvss —epss 0.01
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.
- CVE-2022-26774May 26, 2022risk 0.00cvss —epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
Page 8 of 32