libquicktime CVE Vulnerabilities & Metrics

Focus on libquicktime vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About libquicktime Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with libquicktime. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total libquicktime CVEs: 10
Earliest CVE date: 30 Jan 2017, 22:59 UTC
Latest CVE date: 02 Aug 2017, 05:29 UTC

Latest CVE reference: CVE-2017-12145

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 4.83

Max CVSS: 7.1

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 0
4.0-6.9 9
7.0-8.9 1
9.0-10.0 0

Top 5 Highest CVSS libquicktime CVEs

These are the five CVEs with the highest CVSS scores for libquicktime, sorted by severity first, then by recency.

All CVEs for libquicktime

CVE-2017-12145 libquicktime vulnerability CVSS: 4.3 02 Aug 2017, 05:29 UTC

In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-12143 libquicktime vulnerability CVSS: 4.3 02 Aug 2017, 05:29 UTC

In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-9128 libquicktime vulnerability CVSS: 4.3 12 Jun 2017, 06:29 UTC

The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.

CVE-2017-9127 libquicktime vulnerability CVSS: 4.3 12 Jun 2017, 06:29 UTC

The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.

CVE-2017-9126 libquicktime vulnerability CVSS: 4.3 12 Jun 2017, 06:29 UTC

The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.

CVE-2017-9125 libquicktime vulnerability CVSS: 4.3 12 Jun 2017, 06:29 UTC

The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.

CVE-2017-9124 libquicktime vulnerability CVSS: 4.3 12 Jun 2017, 06:29 UTC

The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

CVE-2017-9123 libquicktime vulnerability CVSS: 4.3 12 Jun 2017, 06:29 UTC

The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

CVE-2017-9122 libquicktime vulnerability CVSS: 7.1 12 Jun 2017, 06:29 UTC

The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.

CVE-2016-2399 libquicktime vulnerability CVSS: 6.8 30 Jan 2017, 22:59 UTC

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.