CVE-2016-2399

HIGH

libquicktime < 1.2.4 - Integer Overflow in quicktime_read_pascal Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2399. PoCs published by Marco Romano.

AI-analyzed exploit summary This PoC exploits an integer overflow vulnerability in libquicktime <= 1.2.4 by crafting a malicious MP4 file with manipulated 'hdlr' atom data. The overflow occurs due to improper handling of atom lengths, leading to a crash or potential arbitrary code execution.

Description

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.

Exploits (1)

exploitdb WORKING POC

by Marco Romano · pythondosmultiple

https://www.exploit-db.com/exploits/39487

View Code ZIP pw:eip

This PoC exploits an integer overflow vulnerability in libquicktime <= 1.2.4 by crafting a malicious MP4 file with manipulated 'hdlr' atom data. The overflow occurs due to improper handling of atom lengths, leading to a crash or potential arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: libquicktime <= 1.2.4

No auth needed

Prerequisites: A system with libquicktime <= 1.2.4 installed · Ability to deliver the malicious MP4 file to the target

MITRE ATT&CK

T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2017/dsa-3800

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39487/

Exploit, Technical Description, Third Party Advisory x_refsource_misc

http://www.nemux.org/2016/02/23/libquicktime-1-2-4/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/95880

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html

Scores

CVSS v3 7.8

EPSS 0.0718

EPSS Percentile 93.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (1)

libquicktime/libquicktime < 1.2.4

Published Jan 30, 2017

Tracked Since Feb 18, 2026