EUVD-2017-18064

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-12143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libquicktime 1.2.4, an allocation failure was found in the function quicktimereadinfo in lqtquicktime.c, which allows attackers to cause a denial of service...

SUSE CVE-2017-9125

The lqtframeduration function in lqtquicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mp4 file...

SUSE CVE-2017-9128

The quicktimevideowidth function in lqtquicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted mp4 file...

Code injection

In libquicktime 1.2.4, an allocation failure was found in the function quicktimereadftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file...

CVE-2017-9124

The quicktimematch32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted mp4 file...

CVE-2016-2399

Integer overflow in the quicktimereadpascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom...

libquicktime 1.2.4 - Integer Overflow

!/usr/bin/env python - 7 February 2016 - My last bug hunting session for fun and no-profit has been dedicated to libquicktime Author: Marco Romano - @nemux http://www.nemux.org libquicktime 1.2.4 Integer Overflow Product Page: http://libquicktime.sourceforge.net/ Description: 'hdlr', 'stsd', 'fta...