Описание
Security update for libquicktime
This update for libquicktime fixes the following issues:
- CVE-2017-9122: A DoS in quicktime_read_moov function in moov.c via acrafted mp4 file was fixed. (boo#1044077)
- CVE-2017-9123: An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed. (boo#1044009)
- CVE-2017-9124: A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed. (boo#1044008)
- CVE-2017-9125: A DoS in lqt_frame_duration function in lqt_quicktime.c via crafted mp4 file was fixed. (boo#1044122)
- CVE-2017-9126: A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed. (boo#1044006)
- CVE-2017-9127: A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed. (boo#1044002)
- CVE-2017-9128: A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed. (boo#1044000)
Список пакетов
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2017:1806-1
- SUSE Security Ratings
Описание
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
Затронутые продукты
Ссылки
- CVE-2017-9122
- SUSE Bug 1044000
- SUSE Bug 1044002
- SUSE Bug 1044006
- SUSE Bug 1044008
- SUSE Bug 1044009
- SUSE Bug 1044077
- SUSE Bug 1044122
- SUSE Bug 1051855
- SUSE Bug 1051859
Описание
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
Затронутые продукты
Ссылки
- CVE-2017-9123
- SUSE Bug 1044009
Описание
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
Затронутые продукты
Ссылки
- CVE-2017-9124
- SUSE Bug 1044008
Описание
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
Затронутые продукты
Ссылки
- CVE-2017-9125
- SUSE Bug 1044122
Описание
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
Затронутые продукты
Ссылки
- CVE-2017-9126
- SUSE Bug 1044006
Описание
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
Затронутые продукты
Ссылки
- CVE-2017-9127
- SUSE Bug 1044002
Описание
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.
Затронутые продукты
Ссылки
- CVE-2017-9128
- SUSE Bug 1044000
- SUSE Bug 1044002
- SUSE Bug 1044006
- SUSE Bug 1044008
- SUSE Bug 1044009
- SUSE Bug 1044077
- SUSE Bug 1044122
- SUSE Bug 1051855
- SUSE Bug 1051859