Advisories » MGASA-2017-0220

Updated libquicktime packages fix security vulnerabilities

Publication date: 25 Jul 2017
Modification date: 25 Jul 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126, CVE-2017-9127, CVE-2017-9128

Description

A DoS in the quicktime_read_moov function in moov.c via a crafted mp4 file
was fixed (CVE-2017-9122).

An invalid memory read in lqt_frame_duration via a crafted mp4 file was
fixed (CVE-2017-9123).

A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file
was fixed (CVE-2017-9124).

A DoS in the lqt_frame_duration function in lqt_quicktime.c via a crafted
mp4 file was fixed (CVE-2017-9125).

A heap-based buffer overflow in quicktime_read_dref_table via a crafted
mp4 file was fixed (CVE-2017-9126).

A heap-based buffer overflow in quicktime_user_atoms_read_atom via a
crafted mp4 file was fixed (CVE-2017-9127).

A heap-based buffer over-read in quicktime_video_width via a crafted mp4
file was fixed (CVE-2017-9128).
                

References

SRPMS

5/core