Description
Security update for libquicktime
This update for libquicktime fixes the following issues:
Security issues fixed:
- CVE-2017-9122: A DoS in quicktime_read_moov function in moov.c via a crafted mp4 file was fixed. (bsc#1044077)
- CVE-2017-9123: An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed. (bsc#1044009)
- CVE-2017-9124: A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed. (bsc#1044008)
- CVE-2017-9125: A DoS in lqt_frame_duration function in lqt_quicktime.c via a crafted mp4 file was fixed. (bsc#1044122)
- CVE-2017-9126: A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed. (bsc#1044006)
- CVE-2017-9127: A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed. (bsc#1044002)
- CVE-2017-9128: A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed. (bsc#1044000)
- CVE-2016-2399: Adjust fix to prevent endless loop when there are fewer than 256 bytes to read. (bsc#1022805)
Package list
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2017:1988-1
- E-Mail link for SUSE-SU-2017:1988-1
- SUSE Security Ratings
- SUSE Bug 1022805
- SUSE Bug 1044000
- SUSE Bug 1044002
- SUSE Bug 1044006
- SUSE Bug 1044008
- SUSE Bug 1044009
- SUSE Bug 1044077
- SUSE Bug 1044122
- SUSE CVE CVE-2016-2399 page
- SUSE CVE CVE-2017-9122 page
- SUSE CVE CVE-2017-9123 page
- SUSE CVE CVE-2017-9124 page
- SUSE CVE CVE-2017-9125 page
- SUSE CVE CVE-2017-9126 page
- SUSE CVE CVE-2017-9127 page
- SUSE CVE CVE-2017-9128 page
Description
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.
Affected products
References
- CVE-2016-2399
- SUSE Bug 1022805
Description
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
Affected products
References
- CVE-2017-9122
- SUSE Bug 1044000
- SUSE Bug 1044002
- SUSE Bug 1044006
- SUSE Bug 1044008
- SUSE Bug 1044009
- SUSE Bug 1044077
- SUSE Bug 1044122
- SUSE Bug 1051855
- SUSE Bug 1051859
Description
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
Affected products
References
- CVE-2017-9123
- SUSE Bug 1044009
Description
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
Affected products
References
- CVE-2017-9124
- SUSE Bug 1044008
Description
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
Affected products
References
- CVE-2017-9125
- SUSE Bug 1044122
Description
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
Affected products
References
- CVE-2017-9126
- SUSE Bug 1044006
Description
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
Affected products
References
- CVE-2017-9127
- SUSE Bug 1044002
Description
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.
Affected products
References
- CVE-2017-9128
- SUSE Bug 1044000
- SUSE Bug 1044002
- SUSE Bug 1044006
- SUSE Bug 1044008
- SUSE Bug 1044009
- SUSE Bug 1044077
- SUSE Bug 1044122
- SUSE Bug 1051855
- SUSE Bug 1051859