CVSS: 9.8EPSS: 74%CPEs: 4EXPL: 0CVE-2006-1249
https://notcve.org/view.php?id=CVE-2006-1249
19 Mar 2006 — Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. • http://lists.apple.com/archives/security-announce/2006/May/msg00002.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 94%CPEs: 2EXPL: 0CVE-2005-4092
https://notcve.org/view.php?id=CVE-2005-4092
08 Dec 2005 — Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally... • http://docs.info.apple.com/article.html?artnum=303101 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •