6 matches found
Ubuntu 16.04 LTS : libquicktime vulnerabilities (USN-4545-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4545-1 advisory. It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a...
USN-4545-1: libquicktime vulnerabilities
It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service resource exhaustion. CVE-2017-9122 It was discovered that libquicktime...
Debian DLA-1042-1 : libquicktime security update
CVE-2017-9122 The quicktimereadmoov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted mp4 file. CVE-2017-9123 The lqtframeduration function in lqtquicktime.c in libquicktime 1.2.4 allows remote attackers t...
Updated libquicktime packages fix security vulnerabilities
A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed CVE-2017-9122. An invalid memory read in lqtframeduration via a crafted mp4 file was fixed CVE-2017-9123. A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed CVE-2017-9124. A DoS in...
SUSE SLED12 / SLES12 Security Update : libquicktime (SUSE-SU-2017:1769-1)
This update for libquicktime fixes the following issues : - CVE-2017-9122: A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed. bsc1044077 - CVE-2017-9123: An invalid memory read in lqtframeduration via a crafted mp4 file was fixed. bsc1044009 - CVE-2017-9124: A NULL...
CVE-2017-9128
CVE-2017-9128 affects libquicktime 1.2.4, where the function quicktime_video_width in lqt_quicktime.c can trigger a heap-based buffer over-read , leading to a denial of service when processing crafted MP4 files. Connected advisories (Debian, Ubuntu, SUSE, Mageia) confirm this issue and provide fi...