Bug 612290 (CVE-2016-2399)

Summary:	<media-libs/libquicktime-1.2.4-r2: integer overflow in the quicktime_read_pascal function
Product:	Gentoo Security	Reporter:	Alexis Ballier <aballier>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	media-video
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
See Also:	https://bugs.debian.org/855099
Whiteboard:	B3 [noglsa cve]
Package list:	=media-libs/libquicktime-1.2.4-r2	Runtime testing required:	---

Description Alexis Ballier gentoo-dev

2017-03-11 10:02:07 UTC

CVE-2016-2399

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399

Comment 1 Agostino Sarubbo gentoo-dev

2017-03-11 13:31:55 UTC

amd64 stable

Comment 2 Agostino Sarubbo gentoo-dev

2017-03-11 13:42:49 UTC

x86 stable

Comment 3 Agostino Sarubbo gentoo-dev

2017-03-11 17:21:44 UTC

ia64 stable

Comment 4 Michael Weber (RETIRED) gentoo-dev

2017-03-11 23:06:21 UTC

ppc ppc64 stable.

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2017-03-14 16:18:52 UTC

Stable for HPPA.

Comment 6 Agostino Sarubbo gentoo-dev

2017-03-17 10:43:32 UTC

sparc stable

Comment 7 Tobias Klausmann (RETIRED) gentoo-dev

2017-04-04 19:29:53 UTC

Stable on alpha.

Comment 8 Yury German Gentoo Infrastructure

2017-04-29 05:58:06 UTC

Arches, Thank you for your work.
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).

Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-04 21:44:56 UTC

Repository is clean, all done.