The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
Max CVSS
6.8
EPSS Score
3.38%
Published
2008-09-11
Updated
2018-10-30
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.
Max CVSS
6.8
EPSS Score
1.19%
Published
2008-09-03
Updated
2018-10-30
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
Max CVSS
6.8
EPSS Score
3.92%
Published
2008-04-04
Updated
2017-08-08
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
70.61%
Published
2008-01-16
Updated
2018-10-15
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
Max CVSS
5.8
EPSS Score
5.48%
Published
2008-01-16
Updated
2017-08-08
5 vulnerabilities found