Your submission was sent successfully! Close

CVE-2016-2399

Published: 30 January 2017

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
libquicktime
Launchpad, Ubuntu, Debian
artful Not vulnerable
(2:1.2.4-10)
bionic Not vulnerable
(2:1.2.4-10)
cosmic Not vulnerable
(2:1.2.4-10)
disco Not vulnerable
(2:1.2.4-10)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was needed)
upstream
Released (2:1.2.4-10)
xenial
Released (2:1.2.4-7+deb8u1build0.16.04.1)
yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(2:1.2.4-10)