HIGH🇬🇧 English

CVE-2018-7339

CVSS 8.8v3.0pub. 2018-02-23upd. 2024-11-21

The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Mp4v2 Project Mp4v2

    APP
    Mp4V2 Project
    ≤ 2.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2023-33718HIGH8.8ten sam produkt

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp

CVE-2023-29578HIGH8.8ten sam produkt

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4Stri...

CVE-2023-29584HIGH8.8ten sam produkt

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src...

CVE-2023-33717MEDIUM5.5ten sam produkt

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated ...

CVE-2023-33720MEDIUM6.5ten sam produkt

mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.

CVE-2018-7339 — HIGH 8.8 | CVEbaza.pl