Bug 13972

Summary: [CVE 21] libquicktime EXPLOIT 1.2.4 CVEs CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/downl
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker
Priority: Highest
CC: a.proklov, s.matveev, v.potapov
Version: All
Flags: v.potapov: qa_verified+, y.tumanov: secteam_verified+, a.proklov: published+
Target Milestone: 2021.1 Fresh R12
Hardware: All
OS: Linux
URL: CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2016-2399 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/download/42148 https://www.exploit-db.com/download/39487
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
Attachments: CVEspec

Description Yury 2023-10-20 15:05:01 MSK
libquicktime	1.2.4	CVE-2017-9122	The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.			7,1	HIGH	CWE-835			Found	https://nvd.nist.gov/vuln/detail/CVE-2017-9122	https://www.exploit-db.com/download/42148
libquicktime	1.2.4	CVE-2017-9123	The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.			4,3	MEDIUM	CWE-125	CAPEC-540||		Not found	https://nvd.nist.gov/vuln/detail/CVE-2017-9123	https://www.exploit-db.com/download/42148
libquicktime	1.2.4	CVE-2017-9124	The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.			4,3	MEDIUM	CWE-476			Not found	https://nvd.nist.gov/vuln/detail/CVE-2017-9124	https://www.exploit-db.com/download/42148
libquicktime	1.2.4	CVE-2017-9125	The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.			4,3	MEDIUM	CWE-125	CAPEC-540||		Not found	https://nvd.nist.gov/vuln/detail/CVE-2017-9125	https://www.exploit-db.com/download/42148
libquicktime	1.2.4	CVE-2017-9126	The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.			4,3	MEDIUM	CWE-119	CAPEC-10||CAPEC-100||CAPEC-123||CAPEC-14||CAPEC-24||CAPEC-42||CAPEC-44||CAPEC-45||CAPEC-46||CAPEC-47||CAPEC-8||CAPEC-9||		Not found	https://nvd.nist.gov/vuln/detail/CVE-2017-9126	https://www.exploit-db.com/download/42148
libquicktime	1.2.4	CVE-2017-9127	The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.			4,3	MEDIUM	CWE-119	CAPEC-10||CAPEC-100||CAPEC-123||CAPEC-14||CAPEC-24||CAPEC-42||CAPEC-44||CAPEC-45||CAPEC-46||CAPEC-47||CAPEC-8||CAPEC-9||		Not found	https://nvd.nist.gov/vuln/detail/CVE-2017-9127	https://www.exploit-db.com/download/42148
libquicktime	1.2.4	CVE-2017-9128	The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.			4,3	MEDIUM	CWE-125	CAPEC-540||		Not found	https://nvd.nist.gov/vuln/detail/CVE-2017-9128	https://www.exploit-db.com/download/42148
Comment 1 Yury 2023-10-20 15:25:09 MSK
libquicktime	1.2.4	CVE-2016-2399	Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.			6,8	MEDIUM	CWE-190	CAPEC-92||		Found	https://nvd.nist.gov/vuln/detail/CVE-2016-2399	https://www.exploit-db.com/download/39487
Comment 2 Svyatoslav Matveev 2023-10-20 18:52:55 MSK
********** QA ADVISORY **********

Closed with patches.

*** libquicktime
**  1.2.4 release +1

https://abf.io/build_lists/4759378
https://abf.io/build_lists/4759379
https://abf.io/build_lists/4759377
https://abf.io/build_lists/4759380
https://abf.io/build_lists/4759381
Comment 3 Vladimir Potapov 2023-10-21 09:36:14 MSK
*******************************************
The update was sent to testing
Comment 4 Vladimir Potapov 2023-10-21 10:03:42 MSK
(In reply to Svyatoslav Matveev from comment #2)

> Closed with patches.
Are all the CVEs closed there? I don't see a patch for CVE-2017-9126
Comment 5 Vladimir Potapov 2023-10-21 10:12:28 MSK
(In reply to Vladimir Potapov from comment #4)
> (In reply to Svyatoslav Matveev from comment #2)
> 
> > Closed with patches.
> Are all the CVEs closed there? I don't see a patch for CVE-2017-9126
Oops, I meant CVE-2016-2399, of course
Comment 6 Svyatoslav Matveev 2023-10-21 11:08:19 MSK
Created attachment 5968 [details]
CVEspec
Comment 7 Svyatoslav Matveev 2023-10-21 11:09:15 MSK
(In reply to Vladimir Potapov from comment #5)
> (In reply to Vladimir Potapov from comment #4)
> > (In reply to Svyatoslav Matveev from comment #2)
> > 
> > > Closed with patches.
> > Are all the CVEs closed there? I don't see a patch for CVE-2017-9126
> Oops, I meant CVE-2016-2399, of course

Everything is closed
Comment 8 Vladimir Potapov 2023-10-24 13:04:28 MSK
libquicktime-1.2.4-16
https://abf.io/build_lists/4759378
https://abf.io/build_lists/4759379
https://abf.io/build_lists/4759377
https://abf.io/build_lists/4759380
https://abf.io/build_lists/4759381
**************************** Advisory ************************
Many CVEs fixed
**************************************************************
QA Verified
Comment 9 Yury 2023-10-27 20:13:48 MSK
secteam_verified