rpm package
suse/libquicktime&distro=SUSE Linux Enterprise Server 12 SP2
pkg:rpm/suse/libquicktime&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9128 | Med | 6.5 | < 1.2.4-13.1 | 1.2.4-13.1 | Jun 12, 2017 | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. | |
| CVE-2017-9127 | Med | 6.5 | < 1.2.4-13.1 | 1.2.4-13.1 | Jun 12, 2017 | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |
| CVE-2017-9126 | Med | 6.5 | < 1.2.4-13.1 | 1.2.4-13.1 | Jun 12, 2017 | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |
| CVE-2017-9125 | Med | 6.5 | < 1.2.4-13.1 | 1.2.4-13.1 | Jun 12, 2017 | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | |
| CVE-2017-9124 | Med | 6.5 | < 1.2.4-13.1 | 1.2.4-13.1 | Jun 12, 2017 | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |
| CVE-2017-9123 | Med | 6.5 | < 1.2.4-13.1 | 1.2.4-13.1 | Jun 12, 2017 | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |
| CVE-2017-9122 | Med | 6.5 | < 1.2.4-13.1 | 1.2.4-13.1 | Jun 12, 2017 | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |
| CVE-2016-2399 | Hig | 7.8 | < 1.2.4-10.1 | 1.2.4-10.1 | Jan 30, 2017 | Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. |
- affected < 1.2.4-13.1fixed 1.2.4-13.1
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.
- affected < 1.2.4-13.1fixed 1.2.4-13.1
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
- affected < 1.2.4-13.1fixed 1.2.4-13.1
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
- affected < 1.2.4-13.1fixed 1.2.4-13.1
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
- affected < 1.2.4-13.1fixed 1.2.4-13.1
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
- affected < 1.2.4-13.1fixed 1.2.4-13.1
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
- affected < 1.2.4-13.1fixed 1.2.4-13.1
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
- affected < 1.2.4-10.1fixed 1.2.4-10.1
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.