UbuntuUpdates.org

Package "libquicktime-doc"

Name: libquicktime-doc

Description:

library for reading and writing Quicktime files (documentation)

Latest version: 2:1.2.4-7+deb8u1ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: libquicktime
Homepage: http://libquicktime.sourceforge.net/

Links


Download "libquicktime-doc"


Other versions of "libquicktime-doc" in Xenial

Repository Area Version
base universe 2:1.2.4-7build3
security universe 2:1.2.4-7+deb8u1ubuntu0.1

Changelog

Version: 2:1.2.4-7+deb8u1ubuntu0.1 2020-09-23 18:06:51 UTC

  libquicktime (2:1.2.4-7+deb8u1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS caused by infinite loop, heap-based buffer
    over-read/write, and null ptr dereference
    - debian/patches/CVE-2017-9122-9218.patch: Add some sanity checks and
      adjust integer types to avoid memory handling errors.
    - CVE-2017-9122
    - CVE-2017-9123
    - CVE-2017-9124
    - CVE-2017-9125
    - CVE-2017-9126
    - CVE-2017-9127
    - CVE-2017-9128

 -- Mike Salvatore <email address hidden> Wed, 23 Sep 2020 09:02:05 -0400

Source diff to previous version
CVE-2017-9122 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumpt
CVE-2017-9123 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read an
CVE-2017-9124 The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and ap
CVE-2017-9125 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over
CVE-2017-9126 The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overfl
CVE-2017-9127 The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buf
CVE-2017-9128 The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer o

Version: 2:1.2.4-7+deb8u1build0.16.04.1 2017-03-13 20:06:49 UTC

  libquicktime (2:1.2.4-7+deb8u1build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian




About   -   Send Feedback to @ubuntu_updates