Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisorydenial of servicesecurity issueUbuntu 16.04 LTS: USN-4545-1 Critical: Libquicktime Denial Of Service
Several security issues were fixed in libquicktime.. =========================================================================Ubuntu Security Notice USN-4545-1 September 25, 2020 libquicktime vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in libquicktime. Software Description: - libquicktime: Library for reading and writing quicktime files Details: It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service (resource exhaustion). (CVE-2017-9122) It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause libquicktime to crash, resulting in a denial of service. (CVE-2017-9123, CVE-2017-9124, CVE-2017-9126, CVE-2017-9127, CVE-2017-9128) It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service. (CVE-2017-9125) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libquicktime2 2:1.2.4-7+deb8u1ubuntu0.1 quicktime-utils 2:1.2.4-7+deb8u1ubuntu0.1 quicktime-x11utils 2:1.2.4-7+deb8u1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4545-1 CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126, CVE-2017-9127, CVE-2017-9128 Package Information: https://launchpad.net/ubuntu/+source/libquicktime/2:1.2.4-7+deb8u1ubuntu0.1 . Multiple vulnerabilities in libquicktime addressed in Ubuntu Security Notice USN-4546-1 to mitigate potential denial of service threats.. libquicktime security, Ubuntu update, denial of service risk. . Severity: Critical. LinuxSecurity.com Team
Sep 25, 2020
•Critical
Ubuntu
197
security advisorydenial of servicesecurity issueDebian 7: DLA-2042-2 Critical: libquicktime Denial Of Service
CVE-2017-9122 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU . Hash: SHA512 Package : libquicktime Version : 2:1.2.4-3+deb7u2 CVE ID : CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 Debian Bug : 864664 CVE-2017-9122 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. CVE-2017-9123 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. CVE-2017-9124 The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. CVE-2017-9125 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. CVE-2017-9126 The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. CVE-2017-9127 The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. CVE-2017-9128 The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. For Debian 7 "Wheezy", these problems have been fixed in version 2:1.2.4-3+deb7u2. We recommendthat you upgrade your libquicktime packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Concerns have been raised regarding several vulnerabilities within libquicktime that impact Debian 7. An upgrade is advised to alleviate potential threats.. libquicktime update,Debian security fix,denial risk mitigation. . Severity: Critical. LinuxSecurity.com Team
Jul 28, 2017
•Critical
Debian LTS
87
security advisorydenial of servicedebianDebian 8: DSA-3800-1 Critical: Libquicktime Integer Overflow DoS
Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3800-1
Mar 02, 2017
•Critical
Debian
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!