UbuntuUpdates.org

Package "libquicktime"

Name: libquicktime

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • library for reading and writing Quicktime files (development)
  • library for reading and writing Quicktime files (documentation)
  • library for reading and writing Quicktime files
  • library for reading and writing Quicktime files (utilities)

Latest version: 2:1.2.4-7+deb8u1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe


Other versions of "libquicktime" in Xenial

Repository  Area      Version
base        universe  2:1.2.4-7build3
updates     universe  2:1.2.4-7+deb8u1ubuntu0.1



Changelog

Version: 2:1.2.4-7+deb8u1ubuntu0.1 2020-09-23 17:06:55 UTC

  libquicktime (2:1.2.4-7+deb8u1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS caused by infinite loop, heap-based buffer
    over-read/write, and null ptr dereference
    - debian/patches/CVE-2017-9122-9218.patch: Add some sanity checks and
      adjust integer types to avoid memory handling errors.
    - CVE-2017-9122
    - CVE-2017-9123
    - CVE-2017-9124
    - CVE-2017-9125
    - CVE-2017-9126
    - CVE-2017-9127
    - CVE-2017-9128

 -- Mike Salvatore <email address hidden> Wed, 23 Sep 2020 09:02:05 -0400

CVE-2017-9122 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumpt
CVE-2017-9123 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read an
CVE-2017-9124 The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and ap
CVE-2017-9125 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over
CVE-2017-9126 The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overfl
CVE-2017-9127 The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buf
CVE-2017-9128 The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer o

Version: 2:1.2.4-7+deb8u1build0.16.04.1 2017-03-13 19:06:55 UTC

  libquicktime (2:1.2.4-7+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian



