SUSE-SU-2017:1988-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:1988-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:1988-1
Published
2017-07-28T08:41:51Z
Modified
2017-07-28T08:41:51Z
Summary
Security update for libquicktime
Details

This update for libquicktime fixes the following issues:

Security issues fixed:

- CVE-2017-9122: A DoS in quicktimereadmoov function in moov.c via a crafted mp4 file was fixed. (bsc#1044077)
- CVE-2017-9123: An invalid memory read in lqtframeduration via a crafted mp4 file was fixed. (bsc#1044009)
- CVE-2017-9124: A NULL pointer dereference in quicktimematch32 via a crafted mp4 file was fixed. (bsc#1044008)
- CVE-2017-9125: A DoS in lqtframeduration function in lqtquicktime.c via a crafted mp4 file was fixed. (bsc#1044122)
- CVE-2017-9126: A heap-based buffer overflow in quicktimereaddreftable via a crafted mp4 file was fixed. (bsc#1044006)
- CVE-2017-9127: A heap-based buffer overflow in quicktimeuseratomsreadatom via a crafted mp4 file was fixed. (bsc#1044002)
- CVE-2017-9128: A heap-based buffer over-read in quicktimevideowidth via a crafted mp4 file was fixed. (bsc#1044000)
- CVE-2016-2399: Adjust fix to prevent endless loop when there are fewer than 256 bytes to read. (bsc#1022805)

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / libquicktime

Package

Name
libquicktime
Purl
purl:rpm/suse/libquicktime&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.3-6.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libquicktime": "1.0.3-6.5.1",
            "libquicktime-devel": "1.0.3-6.5.1"
        }
    ]
}