Bug#855099: libquicktime: CVE-2016-2399
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 14 04:54:11 UTC 2017
Source: libquicktime
Version: 2:1.2.4-7
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for libquicktime.
CVE-2016-2399[0]:
| Integer overflow in the quicktime_read_pascal function in libquicktime
| 1.2.4 and earlier allows remote attackers to cause a denial of service
| or possibly have other unspecified impact via a crafted hdlr MP4 atom.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-2399
Regards,
Salvatore
More information about the pkg-multimedia-maintainers
mailing list