CVE-2017-9123
published 2017-06-12CVE-2017-9123: The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and…
PriorityP432medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
EXPLOIT
EPSS
3.83%
88.8th percentile
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libquicktime | < libquicktime 2:1.2.4-11 (bookworm) | libquicktime 2:1.2.4-11 (bookworm) |
| libquicktime | libquicktime | — | — |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-11 | 2:1.2.4-11 |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-11 | 2:1.2.4-11 |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-11 | 2:1.2.4-11 |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-11 | 2:1.2.4-11 |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-7+deb8u1ubuntu0.1 | 2:1.2.4-7+deb8u1ubuntu0.1 |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv6.5MEDIUM
vendor_debian6.5LOW
vendor_ubuntu6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rhc9-2644-9f3r: The lqt_frame_duration function in lqt_quicktime
ghsa_unreviewed·2022-05-13
CVE-2017-9123 [MEDIUM] CWE-125 GHSA-rhc9-2644-9f3r: The lqt_frame_duration function in lqt_quicktime
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
OSV
libquicktime vulnerabilities
osv·2020-09-25·CVSS 6.5
CVE-2017-9122 [MEDIUM] libquicktime vulnerabilities
libquicktime vulnerabilities
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause a denial of service
(resource exhaustion). (CVE-2017-9122)
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause libquicktime to
crash, resulting in a denial of service. (CVE-2017-9123, CVE-2017-9124,
CVE-2017-9126, CVE-2017-9127, CVE-2017-9128)
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use
OSV
CVE-2017-9123: The lqt_frame_duration function in lqt_quicktime
osv·2017-06-12·CVSS 6.5
CVE-2017-9123 [MEDIUM] CVE-2017-9123: The lqt_frame_duration function in lqt_quicktime
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
Ubuntu
libquicktime vulnerabilities
vendor_ubuntu·2020-09-25·CVSS 6.5
CVE-2017-9122 [MEDIUM] libquicktime vulnerabilities
Title: libquicktime vulnerabilities
Summary: Several security issues were fixed in libquicktime.
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause a denial of service
(resource exhaustion). (CVE-2017-9122)
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause libquicktime to
crash, resulting in a denial of service. (CVE-2017-9123, CVE-2017-9124,
CVE-2017-9126, CVE-2017-9127, CVE-2017-9128)
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked i
Debian
CVE-2017-9123: libquicktime - The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows ...
vendor_debian·2017·CVSS 6.5
CVE-2017-9123 [MEDIUM] CVE-2017-9123: libquicktime - The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows ...
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
Scope: local
bookworm: resolved (fixed in 2:1.2.4-11)
bullseye: resolved (fixed in 2:1.2.4-11)
forky: resolved (fixed in 2:1.2.4-11)
sid: resolved (fixed in 2:1.2.4-11)
trixie: resolved (fixed in 2:1.2.4-11)
No detection rules found.
Exploit-DB
VX Search Enterprise 10.1.12 - Denial of Service
exploitdb·2018-01-08·CVSS 7.5
CVE-2017-15662 [HIGH] VX Search Enterprise 10.1.12 - Denial of Service
VX Search Enterprise 10.1.12 - Denial of Service
---
# Exploit Title: VX Search Enterprise Server v10.1.12 - Denial of Service
# Date: 2017-10-20
# Exploit Author: Ahmad Mahfouz
# Software Link: http://www.vxsearch.com/setups/vxsearchsrv_setup_v10.1.12.exe
# Version: v10.1.12
# Category; Windows Remote DOS
# CVE: CVE-2017-15662
# Author Homepage: www.unixawy.com
# Description In Flexense VX Search Enterprise Server v10.1.12, the Control Protocl suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.
import socket
target = "192.168.72.231"
port = 9123
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((target,port))
packet = "\x75\x19\xba\xab\x03"
packet +="\x00\x00\x00\x01\x00\x00\x00\x1a"
packet += "\x00"
packet
Exploit-DB
libquicktime 1.2.4 - Denial of Service
exploitdb·2017-06-09·CVSS 6.5
CVE-2017-9128 [MEDIUM] libquicktime 1.2.4 - Denial of Service
libquicktime 1.2.4 - Denial of Service
---
libquicktime multiple vulnerabilities
Author : qflb.wu
Introduction:
The libquicktime package contains the libquicktime library, various plugins and codecs, along with graphical and command line utilities used for encoding and decoding QuickTime files. This is useful for reading and writing files in the QuickTime format. The goal of the project is to enhance, while providing compatibility with the Quicktime 4 Linux library.
Affected version:
1.2.4
Vulnerability Description:
##################################
1.
the quicktime_read_moov function in moov.c in libquicktime 1.2.4 can cause a denial of service(infinite loop and CPU consumption) via a crafted mp4 file.
./lqtplay libquicktime_1.2.4_quicktime_read_moov_infinite_loop.mp4
POC:
No writeups or analysis indexed.
2017-06-12
Published