U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apple:quicktime:-
There are 184 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2009-0188

Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.

Published: June 02, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0185

Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.

Published: June 02, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0007

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.

Published: January 21, 2009; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0006

Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.

Published: January 21, 2009; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0005

Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.

Published: January 21, 2009; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0004

Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.

Published: January 21, 2009; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0003

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.

Published: January 21, 2009; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0002

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.

Published: January 21, 2009; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0001

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.

Published: January 21, 2009; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3635

Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3629

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-3628

Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3627

Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3626

The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-3625

Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3624

Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-3615

ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3614

Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-1739

Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.

Published: September 03, 2008; 3:42:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-1581

Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.

Published: June 10, 2008; 2:32:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM