libquicktime-1.2.4+git20180804.fff99cd-2.10 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10978 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libquicktime-1.2.4+git20180804.fff99cd-2.10 on GA media These are all security issues fixed in the libquicktime-1.2.4+git20180804.fff99cd-2.10 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10978 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10978 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-2399/ SUSE CVE CVE-2016-2399 page https://www.suse.com/security/cve/CVE-2017-9122/ SUSE CVE CVE-2017-9122 page https://www.suse.com/security/cve/CVE-2017-9123/ SUSE CVE CVE-2017-9123 page https://www.suse.com/security/cve/CVE-2017-9124/ SUSE CVE CVE-2017-9124 page https://www.suse.com/security/cve/CVE-2017-9125/ SUSE CVE CVE-2017-9125 page https://www.suse.com/security/cve/CVE-2017-9126/ SUSE CVE CVE-2017-9126 page https://www.suse.com/security/cve/CVE-2017-9127/ SUSE CVE CVE-2017-9127 page https://www.suse.com/security/cve/CVE-2017-9128/ SUSE CVE CVE-2017-9128 page openSUSE Tumbleweed libquicktime-1.2.4+git20180804.fff99cd-2.10 libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 libquicktime0-1.2.4+git20180804.fff99cd-2.10 libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 libquicktime-1.2.4+git20180804.fff99cd-2.10 as a component of openSUSE Tumbleweed libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 as a component of openSUSE Tumbleweed libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 as a component of openSUSE Tumbleweed libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 as a component of openSUSE Tumbleweed libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 as a component of openSUSE Tumbleweed libquicktime0-1.2.4+git20180804.fff99cd-2.10 as a component of openSUSE Tumbleweed libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 as a component of openSUSE Tumbleweed Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. CVE-2016-2399 openSUSE Tumbleweed:libquicktime-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2399.html CVE-2016-2399 https://bugzilla.suse.com/1022805 SUSE Bug 1022805 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. CVE-2017-9122 openSUSE Tumbleweed:libquicktime-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9122.html CVE-2017-9122 https://bugzilla.suse.com/1044000 SUSE Bug 1044000 https://bugzilla.suse.com/1044002 SUSE Bug 1044002 https://bugzilla.suse.com/1044006 SUSE Bug 1044006 https://bugzilla.suse.com/1044008 SUSE Bug 1044008 https://bugzilla.suse.com/1044009 SUSE Bug 1044009 https://bugzilla.suse.com/1044077 SUSE Bug 1044077 https://bugzilla.suse.com/1044122 SUSE Bug 1044122 https://bugzilla.suse.com/1051855 SUSE Bug 1051855 https://bugzilla.suse.com/1051859 SUSE Bug 1051859 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. CVE-2017-9123 openSUSE Tumbleweed:libquicktime-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9123.html CVE-2017-9123 https://bugzilla.suse.com/1044009 SUSE Bug 1044009 The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. CVE-2017-9124 openSUSE Tumbleweed:libquicktime-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9124.html CVE-2017-9124 https://bugzilla.suse.com/1044008 SUSE Bug 1044008 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. CVE-2017-9125 openSUSE Tumbleweed:libquicktime-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9125.html CVE-2017-9125 https://bugzilla.suse.com/1044122 SUSE Bug 1044122 The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. CVE-2017-9126 openSUSE Tumbleweed:libquicktime-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9126.html CVE-2017-9126 https://bugzilla.suse.com/1044006 SUSE Bug 1044006 The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. CVE-2017-9127 openSUSE Tumbleweed:libquicktime-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9127.html CVE-2017-9127 https://bugzilla.suse.com/1044002 SUSE Bug 1044002 The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. CVE-2017-9128 openSUSE Tumbleweed:libquicktime-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-32bit-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-devel-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-lang-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime-tools-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-1.2.4+git20180804.fff99cd-2.10 openSUSE Tumbleweed:libquicktime0-32bit-1.2.4+git20180804.fff99cd-2.10 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9128.html CVE-2017-9128 https://bugzilla.suse.com/1044000 SUSE Bug 1044000 https://bugzilla.suse.com/1044002 SUSE Bug 1044002 https://bugzilla.suse.com/1044006 SUSE Bug 1044006 https://bugzilla.suse.com/1044008 SUSE Bug 1044008 https://bugzilla.suse.com/1044009 SUSE Bug 1044009 https://bugzilla.suse.com/1044077 SUSE Bug 1044077 https://bugzilla.suse.com/1044122 SUSE Bug 1044122 https://bugzilla.suse.com/1051855 SUSE Bug 1051855 https://bugzilla.suse.com/1051859 SUSE Bug 1051859