Ubuntu.comUB:CVE-2023-1451CVE-2023-1451
1.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
29.6%
A vulnerability was found in MP4v2 2.1.2. It has been classified as
problematic. Affected is the function
mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The
manipulation leads to denial of service. An attack has to be approached
locally. The exploit has been disclosed to the public and may be used. The
identifier of this vulnerability is VDB-223296.
References
github.com/RichTrouble/mp4v2_mp4track_poc
github.com/RichTrouble/mp4v2_mp4track_poc/blob/main/id_000000%2Csig_08%2Csrc_001076%2Ctime_147809374%2Cexecs_155756872%2Cop_havoc%2Crep_8
launchpad.net/bugs/cve/CVE-2023-1451
nvd.nist.gov/vuln/detail/CVE-2023-1451
security-tracker.debian.org/tracker/CVE-2023-1451
www.cve.org/CVERecord?id=CVE-2023-1451
Related
1.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
29.6%