Description
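A vulnerability classified as problematic was found in MP4v2 2.1.2. It affects the function DumpTrack in the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack requires local access. The exploit has been publicly disclosed and may be used. The associated identifier of this vulnerability is VDB-223295. Note that the severity ratings in the record below differ by source: the NVD entry gives a CVSS 3.1 base score of 5.5 (availability impact HIGH), while the VulDB CNA rating is 3.3 (availability impact LOW), so triage should state which score it relies on.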
Affected Software
Related
{"id": "CVE-2023-1450", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2023-1450", "description": "A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295.", "published": "2023-03-17T07:15:00", "modified": "2023-03-23T15:47:00", "epss": [{"cve": "CVE-2023-1450", "epss": 0.0006, "percentile": 0.23472, "modified": "2023-05-31"}], "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.7}, "severity": "LOW", "exploitabilityScore": 3.1, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1450", "reporter": "cna@vuldb.com", "references": ["https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc", "https://vuldb.com/?id.223295", 
"https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16", "https://vuldb.com/?ctiid.223295"], "cvelist": ["CVE-2023-1450"], "immutableFields": [], "lastseen": "2023-05-31T17:36:15", "viewCount": 10, "enchantments": {"score": {"value": 5.8, "vector": "NONE"}, "epss": [{"cve": "CVE-2023-1450", "epss": 0.0006, "percentile": 0.23364, "modified": "2023-05-02"}], "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2023-1450"]}]}, "affected_software": {"major_version": [{"name": "mp4v2 project mp4v2", "version": 2}]}, "vulnersScore": 5.8}, "_state": {"score": 1685554720, "dependencies": 1685578091, "epss": 0, "affected_software_major_version": 0}, "_internal": {"score_hash": "d87fefa40d2e2d1af1bd31b410b4c762"}, "cna_cvss": {"cna": "VulDB", "cvss": {"3": {"vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "score": 3.3}, "2.0": {"vector": "(AV:L/AC:L/Au:S/C:N/I:N/A:P)", "score": null}}}, "cpe": ["cpe:/a:mp4v2_project:mp4v2:2.1.2"], "cpe23": ["cpe:2.3:a:mp4v2_project:mp4v2:2.1.2:*:*:*:*:*:*:*"], "cwe": ["CWE-404"], "affectedSoftware": [{"cpeName": "mp4v2_project:mp4v2", "version": "2.1.2", "operator": "eq", "name": "mp4v2 project mp4v2"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mp4v2_project:mp4v2:2.1.2:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc", "name": "https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?id.223295", "name": "https://vuldb.com/?id.223295", "refsource": "MISC", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"]}, {"url": 
"https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16", "name": "https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16", "refsource": "MISC", "tags": ["Exploit"]}, {"url": "https://vuldb.com/?ctiid.223295", "name": "https://vuldb.com/?ctiid.223295", "refsource": "MISC", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"]}], "product_info": [{"vendor": "Mp4v2_project", "product": "Mp4v2"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Denial of Service"}]}], "exploits": []}
{"ubuntucve": [{"lastseen": "2023-06-01T13:11:41", "description": "A vulnerability was found in MP4v2 2.1.2 and classified as problematic.\nThis issue affects the function DumpTrack of the file mp4trackdump.cpp. The\nmanipulation leads to denial of service. The attack needs to be approached\nlocally. The exploit has been disclosed to the public and may be used. The\nassociated identifier of this vulnerability is VDB-223295.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-17T00:00:00", "type": "ubuntucve", "title": "CVE-2023-1450", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-1450"], "modified": "2023-03-17T00:00:00", "id": "UB:CVE-2023-1450", "href": "https://ubuntu.com/security/CVE-2023-1450", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}]}