Apple Quicktime vulnerabilities

235 known vulnerabilities affecting apple/quicktime.

Total CVEs

235

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL118HIGH20MEDIUM95LOW2

Vulnerabilities

Page 6 of 12

CVE-2010-1818CRITICALCVSS 9.3PoCv6.0v6.0.0+45 more2010-08-31

CVE-2010-1818 [CRITICAL] CWE-824 CVE-2010-1818: The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, an The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.

nvd

CVE-2010-1799CRITICALCVSS 9.3PoCv3.0v4.1.2+50 more2010-08-16

CVE-2010-1799 [CRITICAL] CWE-119 CVE-2010-1799: Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Wi Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

nvd

CVE-2010-0528CRITICALCVSS 9.3≤ 7.6.0v7.0.0+22 more2010-03-31

CVE-2010-0528 [CRITICAL] CWE-119 CVE-2010-0528: Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.

nvd

CVE-2010-0529CRITICALCVSS 9.3≤ 7.6.0v7.0.0+20 more2010-03-31

CVE-2010-0529 [CRITICAL] CWE-119 CVE-2010-0529: Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.

nvd

CVE-2010-0536CRITICALCVSS 9.3≤ 7.6.0v7.0.0+20 more2010-03-31

CVE-2010-0536 [CRITICAL] CWE-119 CVE-2010-0536: Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.

nvd

CVE-2010-0527CRITICALCVSS 9.3≤ 7.6.0v7.0.0+20 more2010-03-31

CVE-2010-0527 [CRITICAL] CWE-189 CVE-2010-0527: Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbit Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

nvd

CVE-2009-2799CRITICALCVSS 9.3≤ 7.6.2v3.0+49 more2009-09-10

CVE-2009-2799 [CRITICAL] CWE-119 CVE-2009-2799: Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitr Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.

nvd

CVE-2009-2202CRITICALCVSS 9.3≤ 7.6.1v3.0+49 more2009-09-10

CVE-2009-2202 [CRITICAL] CVE-2009-2202: Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.

nvd

CVE-2009-2798CRITICALCVSS 9.3≤ 7.6.2v3.0+49 more2009-09-10

CVE-2009-2798 [CRITICAL] CWE-119 CVE-2009-2798: Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitr Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

nvd

CVE-2009-2203CRITICALCVSS 9.3≤ 7.6.2v3.0+49 more2009-09-10

CVE-2009-2203 [CRITICAL] CWE-119 CVE-2009-2203: Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.

nvd

CVE-2009-0953CRITICALCVSS 9.3≤ 7.6.1v3.0+48 more2009-06-02

CVE-2009-0953 [CRITICAL] CWE-119 CVE-2009-0953: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitr Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

nvd

CVE-2009-0955CRITICALCVSS 9.3PoC≤ 7.6.1v3.0+47 more2009-06-02

CVE-2009-0955 [CRITICAL] CWE-94 CVE-2009-0955: Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."

nvd

CVE-2009-0956CRITICALCVSS 9.3≤ 7.6.1v3.0+48 more2009-06-02

CVE-2009-0956 [CRITICAL] CWE-399 CVE-2009-0956: Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero.

nvd

CVE-2009-0957CRITICALCVSS 9.3v3.0v4.1.2+46 more2009-06-02

CVE-2009-0957 [CRITICAL] CWE-119 CVE-2009-0957: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitr Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.

nvd

CVE-2009-0954CRITICALCVSS 9.3≤ 7.6.1v3.0+48 more2009-06-02

CVE-2009-0954 [CRITICAL] CWE-119 CVE-2009-0954: Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to exe Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.

nvd

CVE-2009-0185CRITICALCVSS 9.3≤ 7.6.1v3.0+48 more2009-06-02

CVE-2009-0185 [CRITICAL] CWE-119 CVE-2009-0185: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitr Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.

nvd

CVE-2009-0188CRITICALCVSS 9.3≤ 7.6.1v3.0+48 more2009-06-02

CVE-2009-0188 [CRITICAL] CWE-399 CVE-2009-0188: Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.

nvd

CVE-2009-0951CRITICALCVSS 9.3≤ 7.6.1v3.0+48 more2009-06-02

CVE-2009-0951 [CRITICAL] CWE-119 CVE-2009-0951: Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitr Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.

nvd

CVE-2009-0952CRITICALCVSS 9.3≤ 7.6.1v3.0+48 more2009-06-02

CVE-2009-0952 [CRITICAL] CWE-119 CVE-2009-0952: Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.

nvd

CVE-2009-0006CRITICALCVSS 9.3≤ 7.5.5v3.0+43 more2009-01-21

CVE-2009-0006 [CRITICAL] CWE-189 CVE-2009-0006: Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.

nvd

← Previous6 / 12Next →