{"id":"UBUNTU-CVE-2016-2399","details":"Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.","modified":"2025-09-08T16:43:38Z","published":"2017-01-30T22:59:00Z","upstream":["CVE-2016-2399"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2399"},{"type":"REPORT","url":"http://www.nemux.org/2016/02/23/libquicktime-1-2-4/"},{"type":"REPORT","url":"https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2016-2399"}],"affected":[{"package":{"name":"libquicktime","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libquicktime@2:1.2.4-7+deb8u1build0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:1.2.4-7+deb8u1build0.16.04.1"}]}],"versions":["2:1.2.4-7build2","2:1.2.4-7build3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2:1.2.4-7+deb8u1build0.16.04.1","binary_name":"libquicktime-dev"},{"binary_version":"2:1.2.4-7+deb8u1build0.16.04.1","binary_name":"libquicktime2"},{"binary_version":"2:1.2.4-7+deb8u1build0.16.04.1","binary_name":"quicktime-utils"},{"binary_version":"2:1.2.4-7+deb8u1build0.16.04.1","binary_name":"quicktime-x11utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-2399.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}