8 matches found
Ubuntu 16.04 LTS : libquicktime vulnerabilities (USN-4545-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4545-1 advisory. It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a...
USN-4545-1: libquicktime vulnerabilities
It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service resource exhaustion. CVE-2017-9122 It was discovered that libquicktime...
Debian DLA-1042-1 : libquicktime security update
CVE-2017-9122 The quicktimereadmoov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted mp4 file. CVE-2017-9123 The lqtframeduration function in lqtquicktime.c in libquicktime 1.2.4 allows remote attackers t...
Updated libquicktime packages fix security vulnerabilities
A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed CVE-2017-9122. An invalid memory read in lqtframeduration via a crafted mp4 file was fixed CVE-2017-9123. A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed CVE-2017-9124. A DoS in...
SUSE SLED12 / SLES12 Security Update : libquicktime (SUSE-SU-2017:1769-1)
This update for libquicktime fixes the following issues : - CVE-2017-9122: A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed. bsc1044077 - CVE-2017-9123: An invalid memory read in lqtframeduration via a crafted mp4 file was fixed. bsc1044009 - CVE-2017-9124: A NULL...
CVE-2017-9126
The quicktimereaddreftable function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash via a crafted mp4 file...
CVE-2017-9126
The quicktimereaddreftable function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash via a crafted mp4 file...
CVE-2017-9126
CVE-2017-9126 affects libquicktime 1.2.4, specifically the quicktime_read_dref_table function in dref.c. A crafted MP4 file can trigger a heap-based buffer overflow and application crash, enabling a remote DoS. Multiple connected advisories confirm the issue and provide fixed versions (e.g., Debi...