Overview

File _patchinfo of Package patchinfo.5059

<patchinfo incident="5059">
  <issue id="1044006" tracker="bnc">VUL-1: CVE-2017-9126: libquicktime: heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file</issue>
  <issue id="1044077" tracker="bnc">VUL-1: CVE-2017-9122: libquicktime: DoS in quicktime_read_moov function in moov.c via acrafted mp4 file</issue>
  <issue id="1044000" tracker="bnc">VUL-1: CVE-2017-9128: libquicktime: heap-based buffer over-read in quicktime_video_width via a crafted mp4 file</issue>
  <issue id="1044008" tracker="bnc">VUL-1: CVE-2017-9124: libquicktime: NULL pointer dereference in quicktime_match_32 via a crafted mp4 file</issue>
  <issue id="1044009" tracker="bnc">VUL-1: CVE-2017-9123: libquicktime: invalid memory read in lqt_frame_duration via a crafted mp4 file</issue>
  <issue id="1044002" tracker="bnc">VUL-1: CVE-2017-9127: libquicktime: heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file</issue>
  <issue id="1044122" tracker="bnc">VUL-1: CVE-2017-9125: libquicktime: DoS in lqt_frame_duration function in lqt_quicktime.c via crafted mp4 file</issue>
  <issue id="2017-9128" tracker="cve" />
  <issue id="2017-9126" tracker="cve" />
  <issue id="2017-9127" tracker="cve" />
  <issue id="2017-9124" tracker="cve" />
  <issue id="2017-9125" tracker="cve" />
  <issue id="2017-9122" tracker="cve" />
  <issue id="2017-9123" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>kstreitova</packager>
  <description>This update for libquicktime fixes the following issues:

* CVE-2017-9122: A DoS in quicktime_read_moov function in moov.c via acrafted mp4 file was fixed. (bsc#1044077)
* CVE-2017-9123: An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed. (bsc#1044009)
* CVE-2017-9124: A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed. (bsc#1044008)
* CVE-2017-9125: A DoS in lqt_frame_duration function in lqt_quicktime.c via crafted mp4 file was fixed. (bsc#1044122)
* CVE-2017-9126: A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed. (bsc#1044006)
* CVE-2017-9127: A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed. (bsc#1044002)
* CVE-2017-9128: A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed. (bsc#1044000)
</description>
  <summary>Security update for libquicktime</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places