Apple : Security Vulnerabilities, CVEs, Published In 2012 (Denial of service)
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Max CVSS
6.8
EPSS Score
5.21%
Published
2012-11-28
Updated
2017-08-29
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file.
Max CVSS
9.3
EPSS Score
2.61%
Published
2012-11-09
Updated
2017-09-19
Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
Max CVSS
9.3
EPSS Score
2.09%
Published
2012-11-09
Updated
2017-09-19
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.
Max CVSS
9.3
EPSS Score
1.97%
Published
2012-11-09
Updated
2017-09-19
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
Max CVSS
9.3
EPSS Score
83.52%
Published
2012-11-09
Updated
2017-09-19
Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
9.3
EPSS Score
4.90%
Published
2012-11-09
Updated
2017-09-19
CVE-2012-3753
Public exploit
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
Max CVSS
9.3
EPSS Score
97.13%
Published
2012-11-09
Updated
2017-09-19
CVE-2012-3752
Public exploit
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
Max CVSS
9.3
EPSS Score
97.11%
Published
2012-11-09
Updated
2017-09-19
Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element.
Max CVSS
9.3
EPSS Score
4.90%
Published
2012-11-09
Updated
2017-09-19
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
Max CVSS
5.1
EPSS Score
13.54%
Published
2012-11-03
Updated
2013-09-18
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Max CVSS
6.8
EPSS Score
0.99%
Published
2012-09-20
Updated
2017-08-29
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.
Max CVSS
5.0
EPSS Score
0.58%
Published
2012-09-20
Updated
2017-08-29
Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
Max CVSS
6.8
EPSS Score
1.55%
Published
2012-09-20
Updated
2017-08-29
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.
Max CVSS
4.6
EPSS Score
0.06%
Published
2012-09-20
Updated
2017-08-29
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Max CVSS
6.8
EPSS Score
1.48%
Published
2012-09-20
Updated
2017-08-29
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
Max CVSS
7.5
EPSS Score
2.33%
Published
2012-09-20
Updated
2017-08-29
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
2.64%
Published
2012-09-13
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
2.64%
Published
2012-09-13
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
8.72%
Published
2012-09-13
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
2.64%
Published
2012-09-13
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
8.72%
Published
2012-09-13
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
2.64%
Published
2012-09-13
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
8.72%
Published
2012-09-13
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
2.64%
Published
2012-09-13
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Max CVSS
6.8
EPSS Score
8.72%
Published
2012-09-13
Updated
2017-09-19