SUSE-SU-2017:1769-1

Published: 04 Jul 2017
Source: suse-cvrf

Description

Security update for libquicktime

This update for libquicktime fixes the following issues:

  • CVE-2017-9122: A DoS in quicktime_read_moov function in moov.c via a crafted mp4 file was fixed. (bsc#1044077)
  • CVE-2017-9123: An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed. (bsc#1044009)
  • CVE-2017-9124: A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed. (bsc#1044008)
  • CVE-2017-9125: A DoS in lqt_frame_duration function in lqt_quicktime.c via a crafted mp4 file was fixed. (bsc#1044122)
  • CVE-2017-9126: A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed. (bsc#1044006)
  • CVE-2017-9127: A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed. (bsc#1044002)
  • CVE-2017-9128: A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed. (bsc#1044000)

Package list

SUSE Linux Enterprise Desktop 12 SP2
libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server 12 SP2
libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libquicktime-devel-1.2.4-13.1

Description

The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libquicktime0-1.2.4-13.1

Description

The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libquicktime0-1.2.4-13.1

Description

The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libquicktime0-1.2.4-13.1

Description

The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libquicktime0-1.2.4-13.1

Description

The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libquicktime0-1.2.4-13.1

Description

The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libquicktime0-1.2.4-13.1

Description

The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libquicktime0-1.2.4-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libquicktime0-1.2.4-13.1

References
Vulnerability SUSE-SU-2017:1769-1