Apple Quicktime vulnerabilities
235 known vulnerabilities affecting apple/quicktime.
Total CVEs
235
CISA KEV
0
Public exploits
23
Exploited in wild
0
Severity breakdown
CRITICAL118HIGH20MEDIUM95LOW2
Vulnerabilities
Page 3 of 12
CVE-2010-1819CRITICALCVSS 9.3≤ 7.6.7v7.6.0+4 more2013-12-27
CVE-2010-1819 [CRITICAL] CVE-2010-1819: Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows loc
Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file.
nvd
CVE-2013-1015CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-1015 [CRITICAL] CWE-119 CVE-2013-1015: Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file.
nvd
CVE-2013-0986CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-0986 [CRITICAL] CWE-119 CVE-2013-0986: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.
nvd
CVE-2013-1021CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-1021 [CRITICAL] CWE-119 CVE-2013-1021: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file.
nvd
CVE-2013-1018CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-1018 [CRITICAL] CWE-119 CVE-2013-1018: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
nvd
CVE-2013-1022CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-1022 [CRITICAL] CWE-119 CVE-2013-1022: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.
nvd
CVE-2013-1019CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-1019 [CRITICAL] CWE-119 CVE-2013-1019: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
nvd
CVE-2013-0988CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-0988 [CRITICAL] CWE-119 CVE-2013-0988: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.
nvd
CVE-2013-0987CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-0987 [CRITICAL] CWE-399 CVE-2013-0987: Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.
nvd
CVE-2013-1020CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-1020 [CRITICAL] CWE-399 CVE-2013-1020: Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.
nvd
CVE-2013-0989CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-0989 [CRITICAL] CWE-119 CVE-2013-0989: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.
nvd
CVE-2013-1017CRITICALCVSS 9.3PoC≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-1017 [CRITICAL] CWE-119 CVE-2013-1017: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
nvd
CVE-2013-1016CRITICALCVSS 9.3≤ 7.7.3v3.0+50 more2013-05-24
CVE-2013-1016 [CRITICAL] CWE-119 CVE-2013-1016: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding.
nvd
CVE-2011-1374CRITICALCVSS 9.3≤ 7.7.2v3.0+49 more2012-11-09
CVE-2011-1374 [CRITICAL] CWE-119 CVE-2011-1374: Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file.
nvd
CVE-2012-3754CRITICALCVSS 9.3≤ 7.7.2v3.0+49 more2012-11-09
CVE-2012-3754 [CRITICAL] CWE-399 CVE-2012-3754: Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.
Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
nvd
CVE-2012-3752CRITICALCVSS 9.3PoC≤ 7.7.2v3.0+49 more2012-11-09
CVE-2012-3752 [CRITICAL] CWE-119 CVE-2012-3752: Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrar
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
nvd
CVE-2012-3757CRITICALCVSS 9.3≤ 7.7.2v3.0+49 more2012-11-09
CVE-2012-3757 [CRITICAL] CVE-2012-3757: Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of
Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
nvd
CVE-2012-3755CRITICALCVSS 9.3PoC≤ 7.7.2v3.0+49 more2012-11-09
CVE-2012-3755 [CRITICAL] CWE-119 CVE-2012-3755: Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
nvd
CVE-2012-3756CRITICALCVSS 9.3≤ 7.7.2v3.0+49 more2012-11-09
CVE-2012-3756 [CRITICAL] CWE-119 CVE-2012-3756: Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.
nvd
CVE-2012-3751CRITICALCVSS 9.3≤ 7.7.2v3.0+49 more2012-11-09
CVE-2012-3751 [CRITICAL] CWE-399 CVE-2012-3751: Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers t
Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element.
nvd