Quicktime

quicktime

Vendor: Apple • 246 CVEs

CVEs (246)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-5045 2Apple Mozilla 2Firefox Quicktime Apr 23, 2026 Sep 24, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Li...Show more Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.Show less
CVE-2007-2402 1Apple 1Quicktime Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
CVE-2007-2397 1Apple 1Quicktime Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.
CVE-2007-2396 1Apple 1Quicktime Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
CVE-2007-2394 1Apple 1Quicktime Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to imprope...Show more Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.Show less
CVE-2007-2393 1Apple 1Quicktime Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
CVE-2007-2392 1Apple 1Quicktime Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.
CVE-2007-2389 1Apple 1Quicktime Apr 23, 2026 May 29, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
CVE-2007-2388 1Apple 1Quicktime Apr 23, 2026 May 29, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses...Show more Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.Show less
CVE-2007-0754 1Apple 1Quicktime Apr 23, 2026 May 14, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.
CVE-2007-2296 1Apple 1Quicktime Apr 23, 2026 Apr 26, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.
CVE-2007-2295 1Apple 1Quicktime Apr 23, 2026 Apr 26, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.
CVE-2007-0718 1Apple 1Quicktime Apr 23, 2026 Mar 5, 2007 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description co...Show more Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.Show less
CVE-2007-0717 1Apple 1Quicktime Apr 23, 2026 Mar 5, 2007 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
CVE-2007-0716 1Apple 1Quicktime Apr 23, 2026 Mar 5, 2007 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
CVE-2007-0715 1Apple 1Quicktime Apr 23, 2026 Mar 5, 2007 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
CVE-2007-0714 1Apple 1Quicktime Apr 23, 2026 Mar 5, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) w...Show more Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.Show less
CVE-2007-0713 1Apple 1Quicktime Apr 23, 2026 Mar 5, 2007 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
CVE-2007-0712 1Apple 1Quicktime Apr 23, 2026 Mar 5, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
CVE-2007-0711 1Apple 1Quicktime Apr 23, 2026 Mar 5, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...Show more Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.Show less

Previous 1...91011 12 13 Next