Total
250 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0954 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types. | |||||
CVE-2008-1582 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. | |||||
CVE-2009-0956 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero. | |||||
CVE-2009-0957 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. | |||||
CVE-2008-1015 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | |||||
CVE-2009-0003 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure. | |||||
CVE-2008-1023 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. | |||||
CVE-2009-0004 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file. | |||||
CVE-2008-2010 | 2 Apple, Microsoft | 3 Quicktime, Windows Vista, Windows Xp | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2008-1739 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. | |||||
CVE-2008-1017 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | |||||
CVE-2008-1013 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. | |||||
CVE-2009-0952 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image. | |||||
CVE-2009-2203 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. | |||||
CVE-2008-1018 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. | |||||
CVE-2008-1019 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. | |||||
CVE-2008-3625 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms. | |||||
CVE-2008-3624 | 2 Apple, Microsoft | 5 Mac Os X, Quicktime, Windows-nt and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. | |||||
CVE-2009-2798 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | |||||
CVE-2008-1585 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. |