CVSS: 6.8EPSS: 24%CPEs: 2EXPL: 0CVE-2015-3669 – Apple QuickTime SGI Image File Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3669
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665. QT Media Foundation en Apple QuickTime anterior a 7.7.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3664 y CVE-2015-3665. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SGI Image Files. By providing a malformed file, an attacker can overflow a fixed sized region of the heap. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html http://support.apple.com/kb/HT204947 http://www.securityfocus.com/bid/75497 http://www.securitytracker.com/id/1032756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 45EXPL: 0CVE-2014-1244 – Apple QuickTime stsz Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1244
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. Desbordamiento de buffer en Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de vídeo manipulado con codificación H.264. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the stsz atom. By creating a deliberately malformed stsz atom, an attacker is able to cause a heap overflow within the QuickTime parser. • http://support.apple.com/kb/HT6151 http://www.securityfocus.com/bid/65786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 45EXPL: 0CVE-2014-1251 – Apple QuickTime clef Atom Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1251
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file. Desbordamiento de buffer en Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un átomo clef manipulado en un archivo de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the clef atom. An attacker can use this flaw to overflow an improperly allocated buffer, which could allow for the execution of arbitrary code in the context of the current process. • http://support.apple.com/kb/HT6151 http://www.securityfocus.com/bid/65787 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 45EXPL: 0CVE-2014-1243 – Apple QuickTime nam Atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1243
Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file. Apple QuickTime anterior a 7.7.5 no inicializa un puntero no especificado, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una lista de pistas manipulada en un archivo de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nam atom in an mp4 file. Manipulation of this atom can corrupt memory and a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process. • http://support.apple.com/kb/HT6151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 45EXPL: 0CVE-2014-1245 – Apple QuickTime stsz Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1245
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file. Error de signo de enteros en Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un átomo stsz manipulado en un archivo de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the stsz atom. By providing a malicious value inside of the stsz atom, an attacker is able to influence the destination of a data write. • http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6151 • CWE-189: Numeric Errors •