Vulnerabilities > CVE-2016-2399 - Integer Overflow or Wraparound vulnerability in Libquicktime 1.2.4
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Exploit-Db
description | libquicktime 1.2.4 - Integer Overflow. CVE-2016-2399. Dos exploits for multiple platform |
file | exploits/multiple/dos/39487.py |
id | EDB-ID:39487 |
last seen | 2016-02-24 |
modified | 2016-02-23 |
platform | multiple |
port | |
published | 2016-02-23 |
reporter | Marco Romano |
source | https://www.exploit-db.com/download/39487/ |
title | libquicktime 1.2.4 - Integer Overflow |
type | dos |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1986-1.NASL description This update for libquicktime fixes the following issues: Security issue fixed : - CVE-2016-2399: Adjust patch to prevent endless loop when there are less than 256 bytes to read. (bsc#1022805) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102066 published 2017-07-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102066 title SUSE SLED12 / SLES12 Security Update : libquicktime (SUSE-SU-2017:1986-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1986-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(102066); script_version("3.6"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2016-2399"); script_name(english:"SUSE SLED12 / SLES12 Security Update : libquicktime (SUSE-SU-2017:1986-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for libquicktime fixes the following issues: Security issue fixed : - CVE-2016-2399: Adjust patch to prevent endless loop when there are less than 256 bytes to read. (bsc#1022805) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1022805" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-2399/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171986-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?36313e4f" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1229=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1229=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1229=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1229=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1229=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1229=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1229=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libquicktime-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libquicktime0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libquicktime0-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"libquicktime-debugsource-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libquicktime0-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libquicktime0-debuginfo-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libquicktime-debugsource-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libquicktime0-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libquicktime0-debuginfo-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libquicktime-debugsource-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libquicktime0-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libquicktime0-debuginfo-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libquicktime-debugsource-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libquicktime0-1.2.4-14.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libquicktime0-debuginfo-1.2.4-14.3.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libquicktime"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-844.NASL description Marco last seen 2020-03-17 modified 2017-03-01 plugin id 97441 published 2017-03-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97441 title Debian DLA-844-1 : libquicktime security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-844-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(97441); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2016-2399"); script_name(english:"Debian DLA-844-1 : libquicktime security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Marco 'nemux' Romano discovered that an integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. For Debian 7 'Wheezy', these problems have been fixed in version 2:1.2.4-3+deb7u1. We recommend that you upgrade your libquicktime packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/03/msg00000.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/libquicktime" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libquicktime-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libquicktime-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libquicktime2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:quicktime-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:quicktime-x11utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libquicktime-dev", reference:"2:1.2.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libquicktime-doc", reference:"2:1.2.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libquicktime2", reference:"2:1.2.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"quicktime-utils", reference:"2:1.2.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"quicktime-x11utils", reference:"2:1.2.4-3+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0610-1.NASL description This update for libquicktime fixes the following issues : - A crafted MP4 file could have caused libquicktime to crash or lead to undefined behaviour (bsc#1022805, CVE-2016-2399) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97572 published 2017-03-07 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97572 title SUSE SLED12 / SLES12 Security Update : libquicktime (SUSE-SU-2017:0610-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:0610-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(97572); script_version("3.6"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2016-2399"); script_name(english:"SUSE SLED12 / SLES12 Security Update : libquicktime (SUSE-SU-2017:0610-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for libquicktime fixes the following issues : - A crafted MP4 file could have caused libquicktime to crash or lead to undefined behaviour (bsc#1022805, CVE-2016-2399) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1022805" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-2399/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20170610-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b155abf5" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-326=1 SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-326=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-326=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-326=1 SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-326=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-326=1 SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-326=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libquicktime-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libquicktime0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libquicktime0-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1/2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"libquicktime-debugsource-1.2.4-10.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libquicktime0-1.2.4-10.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libquicktime0-debuginfo-1.2.4-10.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libquicktime-debugsource-1.2.4-10.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libquicktime0-1.2.4-10.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libquicktime0-debuginfo-1.2.4-10.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libquicktime-debugsource-1.2.4-10.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libquicktime0-1.2.4-10.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libquicktime0-debuginfo-1.2.4-10.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libquicktime-debugsource-1.2.4-10.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libquicktime0-1.2.4-10.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libquicktime0-debuginfo-1.2.4-10.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libquicktime"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3800.NASL description Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application. last seen 2020-06-01 modified 2020-06-02 plugin id 97498 published 2017-03-03 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97498 title Debian DSA-3800-1 : libquicktime - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3800. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(97498); script_version("3.5"); script_cvs_date("Date: 2018/11/10 11:49:38"); script_cve_id("CVE-2016-2399"); script_xref(name:"DSA", value:"3800"); script_name(english:"Debian DSA-3800-1 : libquicktime - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/libquicktime" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2017/dsa-3800" ); script_set_attribute( attribute:"solution", value: "Upgrade the libquicktime packages. For the stable distribution (jessie), this problem has been fixed in version 2:1.2.4-7+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libquicktime"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libquicktime-dev", reference:"2:1.2.4-7+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libquicktime-doc", reference:"2:1.2.4-7+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libquicktime2", reference:"2:1.2.4-7+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"quicktime-utils", reference:"2:1.2.4-7+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"quicktime-x11utils", reference:"2:1.2.4-7+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-288.NASL description This update for libquicktime fixes the following issues : - CVE-2016-2399: A Integer overflow in the quicktime_read_pascal function in libquicktime allowed remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom [boo#1022805] last seen 2020-06-05 modified 2017-02-24 plugin id 97368 published 2017-02-24 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97368 title openSUSE Security Update : libquicktime (openSUSE-2017-288)
Packetstorm
data source | https://packetstormsecurity.com/files/download/135899/libquicktime_CVE-2016-2399-PoC.py.txt |
id | PACKETSTORM:135899 |
last seen | 2016-12-05 |
published | 2016-02-23 |
reporter | Marco Romano |
source | https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html |
title | libquicktime 1.2.4 Integer Overflow |
References
- http://www.debian.org/security/2017/dsa-3800
- http://www.debian.org/security/2017/dsa-3800
- http://www.nemux.org/2016/02/23/libquicktime-1-2-4/
- http://www.nemux.org/2016/02/23/libquicktime-1-2-4/
- http://www.securityfocus.com/bid/95880
- http://www.securityfocus.com/bid/95880
- https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html
- https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html
- https://www.exploit-db.com/exploits/39487/
- https://www.exploit-db.com/exploits/39487/