Updated libquicktime packages fix security vulnerabilities
Publication date: 25 Jul 2017
Modification date: 25 Jul 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126, CVE-2017-9127, CVE-2017-9128
Description
- A DoS in the quicktime_read_moov function in moov.c via a crafted mp4 file was fixed (CVE-2017-9122).
- An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed (CVE-2017-9123).
- A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed (CVE-2017-9124).
- A DoS in the lqt_frame_duration function in lqt_quicktime.c via a crafted mp4 file was fixed (CVE-2017-9125).
- A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed (CVE-2017-9126).
- A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed (CVE-2017-9127).
- A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed (CVE-2017-9128).
References
- https://bugs.mageia.org/show_bug.cgi?id=21196
- https://lists.opensuse.org/opensuse-updates/2017-07/msg00035.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9122
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9123
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9124
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9125
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9128
SRPMS
5/core
- libquicktime-1.2.4-10.2.mga5