Advisories » MGASA-2017-0084

Updated libquicktime packages fix security vulnerability

Publication date: 25 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2399

Description

Integer overflow in the quicktime_read_pascal function in libquicktime
1.2.4 and earlier allows remote attackers to cause a denial of service or
possibly have other unspecified impact via a crafted hdlr MP4 atom.
(CVE-2016-2399)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20357
• https://lists.opensuse.org/opensuse-updates/2017-02/msg00102.html
• https://bugzilla.suse.com/show_bug.cgi?id=1022805
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399

SRPMS

5/tainted

• libquicktime-1.2.4-10.1.mga5.tainted

5/core

• libquicktime-1.2.4-10.1.mga5