The vulnerabilities of the MP4BytesProperty and MP4StringProperty classes in the library for creating, modifying, and reading MP4 files, mp4v2, allow attackers to cause service interruptions.

The vulnerability of the MP4BytesProperty and MP4StringProperty classes in the library for creating, modifying, and reading MP4 files, mp4v2, is related to the issue where operations are performed outside of the buffer during the processing of variable count values. Exploiting this vulnerability...

MP4v2 安全漏洞

MP4v2 is a library for creating, modifying, and reading MP4 files by the individual developer enzo1982. A security vulnerability exists in MP4v2 version v2.1.3, which stems from the discovery of a contained memory leak via the MP4StringProperty class in mp4property.cpp...

PT-2023-3046 · Mp4V2 · Mp4V2

Name of the Vulnerable Software and Affected Versions: mp4v2 version 2.1.3 Description: The issue is related to a memory leak via the MP4StringProperty class in the mp4v2 library, which can be exploited by a remote attacker to cause a denial of service. The vulnerability is also associated with t...

PT-2023-22317 · Mp4V2 · Mp4V2

Name of the Vulnerable Software and Affected Versions: mp4v2 version 2.0.0 Description: A heap buffer overflow issue was discovered in mp4v2 via the mp4v2::impl::MP4StringProperty::MP4StringProperty function at src/mp4property.cpp. Recommendations: For mp4v2 version 2.0.0, as a temporary...

CVE-2022-42466

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...

Cross-site Scripting (XSS)

mongo-express is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script via a string property of documents when only preview is loaded...

UBUNTU-CVE-2018-14054

A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered...

PT-2018-12308 · Aurorasparc Llc · Mp4V2

Name of the Vulnerable Software and Affected Versions: MP4v2 version 2.0.0 Description: A double free issue exists in the MP4StringProperty class, located in mp4property.cpp. This occurs when a dangling pointer is freed again in the destructor after an exception is triggered. Recommendations: For...

Google Chrome “id”属性字符串释放后重利用远程代码执行漏洞(CVE-2013-6624)

BUGTRAQ ID: 63670 CVECAN ID: CVE-2013-6624 Google Chrome是由Google开发的一款设计简单、高效的Web浏览工具。 Chrome 31.0.1650.48之前版本存在“id”属性字符串相关的释放后重利用漏洞，攻击者可利用此漏洞在受影响用户上下文中执行任意代码。 0 Google Chrome = 17.0.963 79 厂商补丁： Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.google.com...