openSUSE Security Update : libquicktime (openSUSE-2017-785)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for libquicktime fixes the following issues :

- CVE-2017-9122: A DoS in quicktime_read_moov function in
moov.c via a crafted mp4 file was fixed. (boo#1044077)

- CVE-2017-9123: An invalid memory read in
lqt_frame_duration via a crafted mp4 file was fixed.
(boo#1044009)

- CVE-2017-9124: A NULL pointer dereference in
quicktime_match_32 via a crafted mp4 file was fixed.
(boo#1044008)

- CVE-2017-9125: A DoS in lqt_frame_duration function in
lqt_quicktime.c via a crafted mp4 file was fixed.
(boo#1044122)

- CVE-2017-9126: A heap-based buffer overflow in
quicktime_read_dref_table via a crafted mp4 file was
fixed. (boo#1044006)

- CVE-2017-9127: A heap-based buffer overflow in
quicktime_user_atoms_read_atom via a crafted mp4 file
was fixed. (boo#1044002)

- CVE-2017-9128: A heap-based buffer over-read in
quicktime_video_width via a crafted mp4 file was fixed.
(boo#1044000)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1044000
https://bugzilla.opensuse.org/show_bug.cgi?id=1044002
https://bugzilla.opensuse.org/show_bug.cgi?id=1044006
https://bugzilla.opensuse.org/show_bug.cgi?id=1044008
https://bugzilla.opensuse.org/show_bug.cgi?id=1044009
https://bugzilla.opensuse.org/show_bug.cgi?id=1044077
https://bugzilla.opensuse.org/show_bug.cgi?id=1044122

Solution :

Update the affected libquicktime packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 101282

Bugtraq ID:

CVE ID: CVE-2017-9122
CVE-2017-9123
CVE-2017-9124
CVE-2017-9125
CVE-2017-9126
CVE-2017-9127
CVE-2017-9128
