10 matches found
CVE-2017-9127
CVE-2017-9127 affects libquicktime 1.2.4, where the quicktime_user_atoms_read_atom function can be exploited by a crafted MP4 file to cause a heap-based buffer overflow and denial of service. Public advisories from Debian (DLA-1042-1) and openSUSE/SUSE mention fixes in libquicktime 1.2.4–3+deb7u2...
CVE-2017-9125
CVE-2017-9125 affects libquicktime 1.2.4, where the function lqt_frame_duration in lqt_quicktime.c can be exploited by a crafted MP4 file to cause a remote DoS via a heap-based buffer over-read. Exploitation details are confirmed across multiple vendor advisories (Debian DLA-1042-1, openSUSE open...
CVE-2016-2399
libquicktime (CVE-2016-2399) is affected up to version 1.2.4, where an integer overflow in the quicktime_read_pascal function can be triggered by a crafted MP4 file’s hdlr atom, allowing remote denial of service and possibly other impact. Public advisories and patches exist across multiple distro...
CVE-2017-9122
CVE-2017-9122 affects libquicktime 1.2.4, where quicktime_read_moov in moov.c can be triggered by a crafted MP4 to cause a denial of service (infinite loop/CPU exhaustion). The issue is addressed across multiple advisories (Ubuntu USN-4545-1, Debian DLA-1042-1, openSUSE openSUSE-2017-785, Mageia ...
CVE-2017-9123
CVE-2017-9123 concerns the libquicktime 1.2.4 library, where the lqt_frame_duration function can trigger a denial of service via a crafted MP4 file that causes an invalid memory read and application crash. This vulnerability is confirmed across multiple advisories referencing the same issue, inc...
CVE-2017-9128
CVE-2017-9128 affects libquicktime 1.2.4, where the function quicktime_video_width in lqt_quicktime.c can trigger a heap-based buffer over-read, leading to a denial of service when processing crafted MP4 files. Connected advisories (Debian, Ubuntu, SUSE, Mageia) confirm this issue and provide fi...
CVE-2017-9126
CVE-2017-9126 affects libquicktime 1.2.4, specifically the quicktime_read_dref_table function in dref.c. A crafted MP4 file can trigger a heap-based buffer overflow and application crash, enabling a remote DoS. Multiple connected advisories confirm the issue and provide fixed versions (e.g., Debi...
CVE-2017-9124
CVE-2017-9124 affects libquicktime 1.2.4, where the quicktime_match_32 function in util.c can be triggered by a crafted MP4 file to cause a denial of service via a NULL pointer dereference. In public advisories, multiple distributions have addressed this issue (e.g., Debian DLA-1042-1 fixing 2:1....
CVE-2017-12145
CVE-2017-12145 affects libquicktime 1.2.4. The vulnerability is an allocation failure in the function quicktime_read_ftyp (ftyp.c) that can be triggered by processing a crafted file, leading to a denial of service. The available documents do not provide exploit details, affected products beyond t...
CVE-2017-12143
CVE-2017-12143 affects libquicktime 1.2.4. The root cause is an allocation failure in the function quicktime_read_info inside lqt_quicktime.c, which can be triggered by processing a crafted file and leads to a denial of service. The vulnerability is described with a network-vector exploitation...