Quicktime

quicktime

Vendor: Apple • 246 CVEs

CVEs (246)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-1017 1Apple 1Quicktime Apr 23, 2026 Apr 4, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVE-2008-1016 1Apple 1Quicktime Apr 23, 2026 Apr 4, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
CVE-2008-1015 1Apple 1Quicktime Apr 23, 2026 Apr 4, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVE-2008-1014 1Apple 1Quicktime Apr 23, 2026 Apr 4, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
CVE-2008-1013 1Apple 1Quicktime Apr 23, 2026 Apr 4, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
CVE-2008-0778 1Apple 1Quicktime Apr 23, 2026 Feb 14, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long a...Show more Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.Show less
CVE-2008-0036 1Apple 1Quicktime Apr 23, 2026 Jan 16, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
CVE-2008-0033 1Apple 1Quicktime Apr 23, 2026 Jan 16, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms contai...Show more Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.Show less
CVE-2008-0032 1Apple 1Quicktime Apr 23, 2026 Jan 16, 2008 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
CVE-2008-0031 1Apple 1Quicktime Apr 23, 2026 Jan 16, 2008 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory...Show more Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.Show less
CVE-2008-0234 1Apple 1Quicktime Apr 23, 2026 Jan 11, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// reques...Show more Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.Show less
CVE-2007-4707 1Apple 1Quicktime Apr 23, 2026 Dec 15, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
CVE-2007-4706 1Apple 1Quicktime Apr 23, 2026 Dec 15, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.
CVE-2007-6238 1Apple 1Quicktime Apr 23, 2026 Dec 4, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information...Show more Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.Show less
CVE-2007-6166 1Apple 2Quicktime Safari Apr 23, 2026 Nov 29, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RT...Show more Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.Show less
CVE-2007-4674 1Apple 1Quicktime Apr 23, 2026 Nov 27, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflo...Show more An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.Show less
CVE-2007-4672 1Apple 1Quicktime Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 7.6 HIGH· v2 Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.
CVE-2007-3750 1Apple 1Quicktime Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
CVE-2007-2395 1Apple 1Quicktime Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
CVE-2007-4673 1Apple 1Quicktime Apr 23, 2026 Oct 4, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be rel...Show more Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.Show less

Previous 1...8910...13 Next