rpm package
suse/libquicktime&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/libquicktime&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9128 | Med | 6.5 | < 1.0.3-6.5.1 | 1.0.3-6.5.1 | Jun 12, 2017 | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. | |
| CVE-2017-9127 | Med | 6.5 | < 1.0.3-6.5.1 | 1.0.3-6.5.1 | Jun 12, 2017 | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |
| CVE-2017-9126 | Med | 6.5 | < 1.0.3-6.5.1 | 1.0.3-6.5.1 | Jun 12, 2017 | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | |
| CVE-2017-9125 | Med | 6.5 | < 1.0.3-6.5.1 | 1.0.3-6.5.1 | Jun 12, 2017 | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | |
| CVE-2017-9124 | Med | 6.5 | < 1.0.3-6.5.1 | 1.0.3-6.5.1 | Jun 12, 2017 | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |
| CVE-2017-9123 | Med | 6.5 | < 1.0.3-6.5.1 | 1.0.3-6.5.1 | Jun 12, 2017 | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |
| CVE-2017-9122 | Med | 6.5 | < 1.0.3-6.5.1 | 1.0.3-6.5.1 | Jun 12, 2017 | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |
| CVE-2016-2399 | Hig | 7.8 | < 1.0.3-5.2 | 1.0.3-5.2 | Jan 30, 2017 | Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. |
- affected < 1.0.3-6.5.1fixed 1.0.3-6.5.1
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.
- affected < 1.0.3-6.5.1fixed 1.0.3-6.5.1
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
- affected < 1.0.3-6.5.1fixed 1.0.3-6.5.1
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
- affected < 1.0.3-6.5.1fixed 1.0.3-6.5.1
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
- affected < 1.0.3-6.5.1fixed 1.0.3-6.5.1
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
- affected < 1.0.3-6.5.1fixed 1.0.3-6.5.1
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
- affected < 1.0.3-6.5.1fixed 1.0.3-6.5.1
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
- affected < 1.0.3-5.2fixed 1.0.3-5.2
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.