CVE-2017-9124
Published 2017-06-12
Priority: P4 · 32 · medium · 6.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 3.83% (88.8th percentile)
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libquicktime | < libquicktime 2:1.2.4-11 (bookworm) | libquicktime 2:1.2.4-11 (bookworm) |
| libquicktime | libquicktime | — | — |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-11 | 2:1.2.4-11 |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-11 | 2:1.2.4-11 |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-11 | 2:1.2.4-11 |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-11 | 2:1.2.4-11 |
| libquicktime | libquicktime | >= 0 < 2:1.2.4-7+deb8u1ubuntu0.1 | 2:1.2.4-7+deb8u1ubuntu0.1 |
CVSS provenance
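| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | LOW | |
| vendor_ubuntu | | 6.5 | MEDIUM | |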
GHSA
GHSA-556c-fvgv-7mx6: The quicktime_match_32 function in util
ghsa_unreviewed·2022-05-13
CVE-2017-9124 [MEDIUM] CWE-476 GHSA-556c-fvgv-7mx6: The quicktime_match_32 function in util
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
OSV
libquicktime vulnerabilities
osv·2020-09-25·CVSS 6.5
CVE-2017-9122 [MEDIUM] libquicktime vulnerabilities
libquicktime vulnerabilities
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause a denial of service
(resource exhaustion). (CVE-2017-9122)
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause libquicktime to
crash, resulting in a denial of service. (CVE-2017-9123, CVE-2017-9124,
CVE-2017-9126, CVE-2017-9127, CVE-2017-9128)
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use
OSV
CVE-2017-9124: The quicktime_match_32 function in util
osv·2017-06-12·CVSS 6.5
CVE-2017-9124 [MEDIUM] CVE-2017-9124: The quicktime_match_32 function in util
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
Ubuntu
libquicktime vulnerabilities
vendor_ubuntu·2020-09-25·CVSS 6.5
CVE-2017-9122 [MEDIUM] libquicktime vulnerabilities
Title: libquicktime vulnerabilities
Summary: Several security issues were fixed in libquicktime.
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause a denial of service
(resource exhaustion). (CVE-2017-9122)
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause libquicktime to
crash, resulting in a denial of service. (CVE-2017-9123, CVE-2017-9124,
CVE-2017-9126, CVE-2017-9127, CVE-2017-9128)
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked i
Debian
CVE-2017-9124: libquicktime - The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote at...
vendor_debian·2017·CVSS 6.5
CVE-2017-9124 [MEDIUM] CVE-2017-9124: libquicktime - The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote at...
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
Scope: local
bookworm: resolved (fixed in 2:1.2.4-11)
bullseye: resolved (fixed in 2:1.2.4-11)
forky: resolved (fixed in 2:1.2.4-11)
sid: resolved (fixed in 2:1.2.4-11)
trixie: resolved (fixed in 2:1.2.4-11)
No detection rules found.
No writeups or analysis indexed.
Published: 2017-06-12