MGASA-2017-0220

Source
https://advisories.mageia.org/MGASA-2017-0220.html
Import Source
https://advisories.mageia.org/MGASA-2017-0220.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0220
Related
Published
2017-07-25T22:07:12Z
Modified
2017-07-25T21:53:47Z
Summary
Updated libquicktime packages fix security vulnerabilities
Details

A DoS in quicktimereadmoov function in moov.c via acrafted mp4 file was fixed (CVE-2017-9122).

An invalid memory read in lqtframeduration via a crafted mp4 file was fixed (CVE-2017-9123).

A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed (CVE-2017-9124).

A DoS in lqtframeduration function in lqt_quicktime.c via crafted mp4 file was fixed (CVE-2017-9125).

A heap-based buffer overflow in quicktimereaddref_table via a crafted mp4 file was fixed (CVE-2017-9126).

A heap-based buffer overflow in quicktimeuseratomsreadatom via a crafted mp4 file was fixed (CVE-2017-9127).

A heap-based buffer over-read in quicktimevideowidth via a crafted mp4 file was fixed (CVE-2017-9128).

References
Credits

Affected packages

Mageia:5 / libquicktime

Package

Name
libquicktime
Purl
pkg:rpm/mageia/libquicktime?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.4-10.2.mga5

Ecosystem specific

{
    "section": "core"
}