CVE-2016-2399

Опубликовано: 30 янв. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.

Ссылки

http://www.debian.org/security/2017/dsa-3800
http://www.nemux.org/2016/02/23/libquicktime-1-2-4/
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/bid/95880
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39487/
http://www.debian.org/security/2017/dsa-3800
http://www.nemux.org/2016/02/23/libquicktime-1-2-4/
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/bid/95880
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39487/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libquicktime:libquicktime:*:*:*:*:*:*:*:*

Версия до 1.2.4 (включая)

EPSS

Процентиль: 75%

0.00893

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2016-2399

CVSS3: 7.8

ubuntu

около 9 лет назад

CVE-2016-2399

CVSS3: 7.8

debian

около 9 лет назад

Integer overflow in the quicktime_read_pascal function in libquicktime ...

openSUSE-SU-2017:0552-1

suse-cvrf

почти 9 лет назад

Security update for libquicktime

SUSE-SU-2017:1986-1

suse-cvrf

больше 8 лет назад

Security update for libquicktime

SUSE-SU-2017:0624-1

suse-cvrf

почти 9 лет назад

Security update for libquicktime

EPSS

Процентиль: 75%

0.00893

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190