This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update for libquicktime fixes the following issues :
- CVE-2017-9122: A DoS in quicktime_read_moov function in
moov.c via acrafted mp4 file was fixed. (boo#1044077)
- CVE-2017-9123: An invalid memory read in
lqt_frame_duration via a crafted mp4 file was fixed.
- CVE-2017-9124: A NULL pointer dereference in
quicktime_match_32 via a crafted mp4 file was fixed.
- CVE-2017-9125: A DoS in lqt_frame_duration function in
lqt_quicktime.c via crafted mp4 file was fixed.
- CVE-2017-9126: A heap-based buffer overflow in
quicktime_read_dref_table via a crafted mp4 file was
- CVE-2017-9127: A heap-based buffer overflow in
quicktime_user_atoms_read_atom via a crafted mp4 file
was fixed. (boo#1044002)
- CVE-2017-9128: A heap-based buffer over-read in
quicktime_video_width via a crafted mp4 file was fixed.
See also :
Update the affected libquicktime packages.
Risk factor :
High / CVSS Base Score : 7.1
Family: SuSE Local Security Checks
Nessus Plugin ID: 101282 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now