
CVSS: 9.3 • EPSS: 59% • CPEs: 127 • EXPL: 0

Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x8201, QuickTime trusts a value contained in the file and makes an allocation accordingly.

References:
http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html
http://osvdb.org/54876
http://secunia.com/advisories/35091
http://support.apple.com/kb/HT3591
http://www.securityfocus.com/bid/35164
http://www.securitytracker.com/id?1022314
http://www.vupen.com/english/advisories/2009/1469
https://exchange.xforce.ibmcloud.com/vulnerabilities/50890
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15939

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 93% • CPEs: 122 • EXPL: 0

Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed JPEG2000 image files. A field is read directly from the file and used to allocate memory for a structure.

References:
http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html
http://osvdb.org/54873
http://secunia.com/advisories/35091
http://support.apple.com/kb/HT3591
http://www.securityfocus.com/bid/35165
http://www.securitytracker.com/id?1022314
http://www.vupen.com/english/advisories/2009/1469
https://exchange.xforce.ibmcloud.com/vulnerabilities/50898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16155

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 11% • CPEs: 127 • EXPL: 0

Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a malformed .PSD image. While decoding the columns, rows and channels in the image header, the application trusts a different length for copying than the one used for allocating the buffer.

References:
http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html
http://osvdb.org/54877
http://secunia.com/advisories/35091
http://support.apple.com/kb/HT3591
http://www.securityfocus.com/bid/35168
http://www.securitytracker.com/id?1022314
http://www.vupen.com/english/advisories/2009/1469
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15793

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 93% • CPEs: 90 • EXPL: 0

Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application decodes a .MOV file containing a frame encoded with QuickTime's FIRE codec. While decoding the frame's contents, the application trusts that the frame data contains a special terminator while copying file data to a heap buffer. If the terminator is not found, the application will copy indefinitely.

References:
http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html
http://osvdb.org/54875
http://secunia.com/advisories/35091
http://support.apple.com/kb/HT3591
http://www.securityfocus.com/bid/35167
http://www.securitytracker.com/id?1022314
http://www.vupen.com/english/advisories/2009/1469
https://exchange.xforce.ibmcloud.com/vulnerabilities/50892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15344

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.6 • EPSS: 1% • CPEs: 5 • EXPL: 0

Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.

References:
http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html
http://secunia.com/advisories/33642
http://support.apple.com/kb/HT3404
http://www.securityfocus.com/bid/33393
http://www.securitytracker.com/id?1021621
http://www.vupen.com/english/advisories/2009/0211
https://exchange.xforce.ibmcloud.com/vulnerabilities/48162
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5974

CWE-20: Improper Input Validation