| Revision Date: | 2017-07-04 | Version: | 1 |
| Title: | Security update for libquicktime (Moderate) |
| Description: |
This update for libquicktime fixes the following issues:
CVE-2017-9122: A DoS in quicktime_read_moov function in moov.c via acrafted mp4 file was fixed. (bsc#1044077) * CVE-2017-9123: An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed. (bsc#1044009) * CVE-2017-9124: A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed. (bsc#1044008) * CVE-2017-9125: A DoS in lqt_frame_duration function in lqt_quicktime.c via crafted mp4 file was fixed. (bsc#1044122) * CVE-2017-9126: A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed. (bsc#1044006) * CVE-2017-9127: A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed. (bsc#1044002) * CVE-2017-9128: A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed. (bsc#1044000)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1044000
1044002
1044006
1044008
1044009
1044077
1044122
CVE-2017-9122
CVE-2017-9123
CVE-2017-9124
CVE-2017-9125
CVE-2017-9126
CVE-2017-9127
CVE-2017-9128
SUSE-SU-2017:1769-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12 SP2
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP2 is installed AND libquicktime0-1.2.4-13.1 is installed
|