The quicktimematch32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2:1.2.4-7+deb8u1ubuntu0.1", "binary_name": "libquicktime-dev" }, { "binary_version": "2:1.2.4-7+deb8u1ubuntu0.1", "binary_name": "libquicktime-doc" }, { "binary_version": "2:1.2.4-7+deb8u1ubuntu0.1", "binary_name": "libquicktime2" }, { "binary_version": "2:1.2.4-7+deb8u1ubuntu0.1", "binary_name": "libquicktime2-dbgsym" }, { "binary_version": "2:1.2.4-7+deb8u1ubuntu0.1", "binary_name": "quicktime-utils" }, { "binary_version": "2:1.2.4-7+deb8u1ubuntu0.1", "binary_name": "quicktime-utils-dbgsym" }, { "binary_version": "2:1.2.4-7+deb8u1ubuntu0.1", "binary_name": "quicktime-x11utils" }, { "binary_version": "2:1.2.4-7+deb8u1ubuntu0.1", "binary_name": "quicktime-x11utils-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2:1.2.4-11", "binary_name": "libquicktime-dev" }, { "binary_version": "2:1.2.4-11", "binary_name": "libquicktime-doc" }, { "binary_version": "2:1.2.4-11", "binary_name": "libquicktime2" }, { "binary_version": "2:1.2.4-11", "binary_name": "libquicktime2-dbgsym" }, { "binary_version": "2:1.2.4-11", "binary_name": "quicktime-utils" }, { "binary_version": "2:1.2.4-11", "binary_name": "quicktime-utils-dbgsym" }, { "binary_version": "2:1.2.4-11", "binary_name": "quicktime-x11utils" }, { "binary_version": "2:1.2.4-11", "binary_name": "quicktime-x11utils-dbgsym" } ] }