Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Quicktime
Total 250 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0714 2 Apple, Microsoft 3 Mac Os X, Quicktime, Windows 2024-11-21 9.3 HIGH N/A
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
CVE-2007-0713 1 Apple 1 Quicktime 2024-11-21 5.8 MEDIUM N/A
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
CVE-2007-0712 2 Apple, Microsoft 3 Mac Os X, Quicktime, Windows 2024-11-21 9.3 HIGH N/A
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
CVE-2007-0711 2 Apple, Microsoft 2 Quicktime, Windows 2024-11-21 9.3 HIGH N/A
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
CVE-2007-0588 1 Apple 2 Mac Os X, Quicktime 2024-11-21 7.1 HIGH N/A
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
CVE-2007-0462 1 Apple 2 Mac Os X, Quicktime 2024-11-21 10.0 HIGH N/A
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
CVE-2007-0059 1 Apple 1 Quicktime 2024-11-21 6.8 MEDIUM N/A
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
CVE-2007-0015 1 Apple 1 Quicktime 2024-11-21 6.8 MEDIUM N/A
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
CVE-2006-4965 1 Apple 1 Quicktime 2024-11-21 5.0 MEDIUM N/A
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
CVE-2006-4389 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
CVE-2006-4388 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
CVE-2006-4386 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
CVE-2006-4385 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
CVE-2006-4384 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
CVE-2006-4382 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
CVE-2006-4381 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
CVE-2006-2238 1 Apple 1 Quicktime 2024-11-21 7.5 HIGH N/A
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue.
CVE-2006-1465 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file.
CVE-2006-1464 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file.
CVE-2006-1463 1 Apple 1 Quicktime 2024-11-21 5.1 MEDIUM N/A
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value.