Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
Max CVSS
6.8
EPSS Score
56.32%
Published
2006-03-19
Updated
2018-10-18
CVE-2007-0015
Public exploit
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
Max CVSS
6.8
EPSS Score
96.63%
Published
2007-01-01
Updated
2017-10-19
Cross-zone scripting vulnerability in Apple QuickTime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
Max CVSS
6.8
EPSS Score
12.35%
Published
2007-01-05
Updated
2018-10-30
An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.
Max CVSS
6.8
EPSS Score
3.89%
Published
2007-11-27
Updated
2018-10-15
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.
Max CVSS
6.8
EPSS Score
13.71%
Published
2007-12-15
Updated
2017-07-29
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
Max CVSS
6.8
EPSS Score
7.18%
Published
2008-01-16
Updated
2017-08-08
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
Max CVSS
6.8
EPSS Score
2.93%
Published
2008-04-04
Updated
2017-08-08
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
Max CVSS
6.8
EPSS Score
5.22%
Published
2008-04-04
Updated
2017-08-08
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
Max CVSS
6.8
EPSS Score
3.92%
Published
2008-04-04
Updated
2017-08-08
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
Max CVSS
6.8
EPSS Score
22.05%
Published
2008-04-04
Updated
2018-10-11
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.
Max CVSS
6.8
EPSS Score
27.37%
Published
2008-04-04
Updated
2018-10-11
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.
Max CVSS
6.8
EPSS Score
78.01%
Published
2008-04-04
Updated
2018-10-11
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.
Max CVSS
6.8
EPSS Score
78.01%
Published
2008-04-04
Updated
2018-10-11
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.
Max CVSS
6.8
EPSS Score
10.16%
Published
2008-04-04
Updated
2018-10-11
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.
Max CVSS
6.8
EPSS Score
78.01%
Published
2008-04-04
Updated
2018-10-11
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
Max CVSS
6.8
EPSS Score
3.11%
Published
2008-04-04
Updated
2017-08-08
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
Max CVSS
6.8
EPSS Score
3.61%
Published
2008-06-10
Updated
2018-10-11
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.
Max CVSS
6.8
EPSS Score
4.22%
Published
2008-06-10
Updated
2017-08-08
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.
Max CVSS
6.8
EPSS Score
2.58%
Published
2008-06-10
Updated
2017-08-08
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.
Max CVSS
6.8
EPSS Score
33.88%
Published
2008-06-10
Updated
2018-10-11
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
Max CVSS
6.8
EPSS Score
1.81%
Published
2008-06-10
Updated
2018-10-11
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.
Max CVSS
6.8
EPSS Score
1.19%
Published
2008-09-03
Updated
2018-10-30
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
Max CVSS
6.8
EPSS Score
4.92%
Published
2008-09-11
Updated
2018-10-30
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
Max CVSS
6.8
EPSS Score
1.35%
Published
2008-09-11
Updated
2018-10-30
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
Max CVSS
6.8
EPSS Score
3.38%
Published
2008-09-11
Updated
2018-10-30