PT-2017-12364 · Libquicktime+1 · Libquicktime+1

Haojun H

Published

2017-08-02

Updated

2017-08-03

CVE-2017-12143

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libquicktime version 1.2.4

Description An allocation failure was found in the quicktime read info function in lqt quicktime.c, which allows attackers to cause a denial of service via a crafted file.

Recommendations For libquicktime version 1.2.4, consider avoiding the use of the quicktime read info function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-12143

Affected Products

Debian

Libquicktime

PT-2017-12364 · Libquicktime+1 · Libquicktime+1

CVE-2017-12143

Weakness Enumeration

Related Identifiers

Affected Products

References · 9