10 matches found
CVE-2023-33718
mp4v2 v2.1.3 contains a memory leak in MP4File::ReadString() (mp4file_io.cpp). The CVE-2023-33718 entry, and connected sources, consistently describe this memory leak vulnerability in the mp4v2 library. No public remediation or patch details are provided within the supplied documents. The vulnera...
CVE-2023-33717
CVE-2023-33717 affects mp4v2 library v2.1.3. The issue is a memory leak in MP4File::ReadBytes() when memory is allocated but ReadBytes() throws an exception that is not caught. Public details in the provided sources consistently describe a local-vector/availability impact (A: HIGH) without noting...
CVE-2023-1450
MP4v2 2.1.2 vulnerability (CVE-2023-1450) affects the function DumpTrack in mp4trackdump.cpp. The issue enables denial of service and is exploitable with local access; the exploit has been disclosed publicly. Multiple sources (NVD, CVE listing, OSV/UBUNTU entries, and Nessus/Red Hat/UNIX advisori...
CVE-2023-29578
The CVE-2023-29578 entry affects mp4v2 v2.0.0, where a heap buffer overflow is triggered in the destructor MP4StringProperty::~MP4StringProperty() implemented in mp4property.cpp. The vulnerability is documented with a CVSS v3.1 base score of 8.8 (HIGH) across confidentiality, integrity, and avail...
CVE-2023-1451
CVE-2023-1451 affects MP4v2 2.1.2. The vulnerability is in mp4v2::impl::MP4Track::GetSampleFileOffset (mp4track.cpp) and can lead to a denial of service. The attack is local, and public exploit details have been disclosed. No patch/version remediation is specified in the provided documents. INFO:...
CVE-2018-17236
The concrete details show an issue in libmp4v2 2.1.0 where MP4Free() frees an invalid pointer, causing a SIGABRT crash. Affected component: libmp4v2 (mp4property.cpp). Root cause: freeing a corrupted/invalid pointer inside MP4Free(). Impact: process crash (SIGABRT); no exploitation details provid...
CVE-2018-7339
The CVE-2018-7339 vulnerability affects MP4v2 (MP4Atom class in mp4atom.cpp) up to version 2.0.0, where improper handling of Entry Number validation in the MP4 Table Property allows a remote attacker to cause a denial of service (overflow, excessive memory allocation, and segmentation fault) via ...
CVE-2023-33720
CVE-2023-33720 concerns the mp4v2 library, where version 2.1.2 is reported to contain a memory leak in the MP4BytesProperty class. The available documents consistently describe memory-management issues in mp4v2/v2.1.2 but do not provide concrete details on affected products, versions beyond 2.1.2...
CVE-2023-29584
CVE-2023-29584 affects mp4v2 v2.0.0, where a heap-based buffer overflow exists in MP4GetVideoProfileLevel() implemented in /src/mp4.cpp. The vulnerability is described across multiple sources (NVD, CVE listings, OSV/UBUNTU pages, Veracode entry) as a heap overflow in the libmp4v2/mp4v2 library, w...
CVE-2018-17235
The CVE-2018-17235 entry concerns libmp4v2 version 2.1.0. The flaw resides in mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp, where mishandling of compatibleBrand while processing a crafted MP4 file leads to a heap-based buffer over-read and a denial of service. The description is consistent...