Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 612290 (CVE-2016-2399) - <media-libs/libquicktime-1.2.4-r2: integer overflow in the quicktime_read_pascal function
Summary: <media-libs/libquicktime-1.2.4-r2: integer overflow in the quicktime_read_pas...
Status: RESOLVED FIXED
Alias: CVE-2016-2399
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-11 10:02 UTC by Alexis Ballier
Modified: 2017-06-04 21:44 UTC (History)
1 user (show)

See Also:
Package list:
=media-libs/libquicktime-1.2.4-r2
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexis Ballier gentoo-dev 2017-03-11 10:02:07 UTC 
CVE-2016-2399

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
Comment 1 Agostino Sarubbo gentoo-dev 2017-03-11 13:31:55 UTC 
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2017-03-11 13:42:49 UTC 
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-03-11 17:21:44 UTC 
ia64 stable
Comment 4 Michael Weber (RETIRED) gentoo-dev 2017-03-11 23:06:21 UTC 
ppc ppc64 stable.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2017-03-14 16:18:52 UTC 
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2017-03-17 10:43:32 UTC 
sparc stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2017-04-04 19:29:53 UTC 
Stable on alpha.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2017-04-29 05:58:06 UTC 
Arches, Thank you for your work.
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-04 21:44:56 UTC 
Repository is clean, all done.