Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
Max CVSS
7.6
EPSS Score
0.72%
Published
2001-05-03
Updated
2017-12-19
Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.
Max CVSS
7.5
EPSS Score
0.73%
Published
2002-05-29
Updated
2017-10-11
Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field.
Max CVSS
7.5
EPSS Score
2.39%
Published
2002-09-24
Updated
2008-09-10
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
Max CVSS
7.5
EPSS Score
13.75%
Published
2003-04-02
Updated
2018-10-19
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
Max CVSS
7.5
EPSS Score
0.20%
Published
2005-01-27
Updated
2008-09-05
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.
Max CVSS
7.5
EPSS Score
96.80%
Published
2005-12-31
Updated
2018-10-19
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
0.46%
Published
2005-10-26
Updated
2008-09-05
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Max CVSS
7.5
EPSS Score
5.23%
Published
2005-12-31
Updated
2017-07-11
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Max CVSS
7.5
EPSS Score
5.59%
Published
2005-12-31
Updated
2017-07-11
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.
Max CVSS
7.5
EPSS Score
5.35%
Published
2005-12-31
Updated
2017-07-11
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
Max CVSS
7.5
EPSS Score
83.64%
Published
2005-12-31
Updated
2018-10-19
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
Max CVSS
7.5
EPSS Score
62.80%
Published
2005-12-31
Updated
2018-10-19
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
Max CVSS
7.5
EPSS Score
24.61%
Published
2005-12-31
Updated
2018-10-19
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.
Max CVSS
7.5
EPSS Score
94.96%
Published
2005-12-08
Updated
2018-10-19
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue.
Max CVSS
7.5
EPSS Score
79.62%
Published
2006-05-12
Updated
2017-07-20
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
Max CVSS
7.1
EPSS Score
79.60%
Published
2007-01-30
Updated
2013-08-15
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
Max CVSS
7.1
EPSS Score
1.74%
Published
2007-05-29
Updated
2017-07-29
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.
Max CVSS
7.6
EPSS Score
24.97%
Published
2007-11-07
Updated
2018-10-15
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
Max CVSS
7.5
EPSS Score
84.87%
Published
2008-02-14
Updated
2018-10-15
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753.
Max CVSS
7.5
EPSS Score
4.54%
Published
2015-08-17
Updated
2017-09-21
Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
0.07%
Published
2017-07-07
Updated
2017-07-14
21 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!