CVE-2018-14054

Technical details about CVE-2018-14054 are not publicly available in the provided connected documents; the initial entry notes a double-free in MP4v2 2.0.0's MP4StringProperty with destructor handling an exception.

CVE-2018-14403

MP4v2 vulnerability CVE-2018-14403 affects MP4NameFirstMatches in mp4util.cpp (MP4v2 2.0.0). The issue involves mishandling substrings of atom names, causing a type confusion that can lead to out-of-bounds memory access. Multiple connected advisories confirm this family of issues within MP4v2 2.0...

CVE-2018-14325

CVE-2018-14325 affects MP4v2 2.0.0, where parsing MP4Atom in mp4atom.cpp can trigger an integer underflow leading to memory corruption. Public sources in the connected documents confirm the root cause is an underflow in MP4Atom parsing, with the vulnerability being exploitable via crafted MP4 fil...

CVE-2018-14379

CVE-2018-14379 occurs in MP4v2 2.0.0 where MP4Atom::factory uses MP4ItemAtom instead of MP4DataAtom in certain cases, causing type confusion and memory layout mismatches that enable DoS via a crafted MP4 file. Public documentation confirms this vulnerability exists in the libmp4v2 library and rel...

CVE-2018-14326

CVE-2018-14326 affects libmp4v2 (MP4v2) 2.0.0, where resizing MP4Array for the ftyp atom in mp4array.h triggers an integer overflow that leads to memory corruption. Connected advisories confirm the issue is addressed in later libmp4v2 packages (e.g., 2.1.0), and Mageia/OpenVAS updates list the CV...

CVE-2018-14446

CVE-2018-14446 affects the MP4v2 library: MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 permits remote attackers to trigger a denial of service (heap-based buffer overflow and application crash) or potentially other impact via a crafted MP4 file. Public materials identify the vulnera...