{"id":"MGASA-2017-0220","summary":"Updated libquicktime packages fix security vulnerabilities","details":"A DoS in quicktime_read_moov function in moov.c via acrafted mp4 file\nwas fixed (CVE-2017-9122).\n\nAn invalid memory read in lqt_frame_duration via a crafted mp4 file was\nfixed (CVE-2017-9123).\n\nA NULL pointer dereference in quicktime_match_32 via a crafted mp4 file\nwas fixed (CVE-2017-9124).\n\nA DoS in lqt_frame_duration function in lqt_quicktime.c via crafted mp4\nfile was fixed (CVE-2017-9125).\n\nA heap-based buffer overflow in quicktime_read_dref_table via a crafted\nmp4 file was fixed (CVE-2017-9126).\n\nA heap-based buffer overflow in quicktime_user_atoms_read_atom via a\ncrafted mp4 file was fixed (CVE-2017-9127).\n\nA heap-based buffer over-read in quicktime_video_width via a crafted mp4\nfile was fixed (CVE-2017-9128).\n","modified":"2026-04-16T01:45:37.421358606Z","published":"2017-07-25T22:07:12Z","upstream":["CVE-2017-9122","CVE-2017-9123","CVE-2017-9124","CVE-2017-9125","CVE-2017-9126","CVE-2017-9127","CVE-2017-9128"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0220.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21196"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-07/msg00035.html"}],"affected":[{"package":{"name":"libquicktime","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libquicktime?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.4-10.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0220.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}