Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by mp4v2_project
CVE-2023-33717 (GCVE-0-2023-33717)
Vulnerability from cvelistv5 – Published: 2023-06-02 00:00 – Updated: 2025-01-08 20:14
VLAI?
Summary
mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes()
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/enzo1982/mp4v2/issues/37"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/enzo1982/mp4v2/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T20:14:52.691899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T20:14:59.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes()"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-02T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/enzo1982/mp4v2/issues/37"
},
{
"url": "https://github.com/enzo1982/mp4v2/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33717",
"datePublished": "2023-06-02T00:00:00.000Z",
"dateReserved": "2023-05-22T00:00:00.000Z",
"dateUpdated": "2025-01-08T20:14:59.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33718 (GCVE-0-2023-33718)
Vulnerability from cvelistv5 – Published: 2023-05-31 00:00 – Updated: 2025-01-10 15:02
VLAI?
Summary
mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/enzo1982/mp4v2/issues/37"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33718",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T15:01:40.598287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T15:02:07.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/enzo1982/mp4v2/issues/37"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33718",
"datePublished": "2023-05-31T00:00:00.000Z",
"dateReserved": "2023-05-22T00:00:00.000Z",
"dateUpdated": "2025-01-10T15:02:07.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33720 (GCVE-0-2023-33720)
Vulnerability from cvelistv5 – Published: 2023-05-26 00:00 – Updated: 2025-01-14 20:08
VLAI?
Summary
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/enzo1982/mp4v2/issues/36"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33720",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T20:06:23.758147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:08:43.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/enzo1982/mp4v2/issues/36"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33720",
"datePublished": "2023-05-26T00:00:00.000Z",
"dateReserved": "2023-05-22T00:00:00.000Z",
"dateUpdated": "2025-01-14T20:08:43.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29578 (GCVE-0-2023-29578)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 16:16
VLAI?
Summary
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:14:39.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TechSmith/mp4v2/issues/74"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/mp4property.cpp/readme.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29578",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:14:58.104164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:16:16.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/TechSmith/mp4v2/issues/74"
},
{
"url": "https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/mp4property.cpp/readme.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29578",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2025-02-04T16:16:16.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29584 (GCVE-0-2023-29584)
Vulnerability from cvelistv5 – Published: 2023-04-14 00:00 – Updated: 2025-02-06 21:19
VLAI?
Summary
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:14:39.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/enzo1982/mp4v2/issues/30"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/MP4GetVideoProfileLevel/readme.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29584",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T21:18:23.544070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T21:19:09.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/enzo1982/mp4v2/issues/30"
},
{
"url": "https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/MP4GetVideoProfileLevel/readme.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29584",
"datePublished": "2023-04-14T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2025-02-06T21:19:09.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1451 (GCVE-0-2023-1451)
Vulnerability from cvelistv5 – Published: 2023-03-17 06:49 – Updated: 2024-08-02 05:49
VLAI?
Title
MP4v2 mp4track.cpp GetSampleFileOffset denial of service
Summary
A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296.
Severity ?
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.223296"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.223296"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/RichTrouble/mp4v2_mp4track_poc"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/RichTrouble/mp4v2_mp4track_poc/blob/main/id_000000%2Csig_08%2Csrc_001076%2Ctime_147809374%2Cexecs_155756872%2Cop_havoc%2Crep_8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MP4v2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "ccpx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in MP4v2 2.1.2 ausgemacht. Hiervon betroffen ist die Funktion mp4v2::impl::MP4Track::GetSampleFileOffset der Datei mp4track.cpp. Durch das Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T09:01:05.519Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.223296"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.223296"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/RichTrouble/mp4v2_mp4track_poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/RichTrouble/mp4v2_mp4track_poc/blob/main/id_000000%2Csig_08%2Csrc_001076%2Ctime_147809374%2Cexecs_155756872%2Cop_havoc%2Crep_8"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-17T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-11T10:34:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "MP4v2 mp4track.cpp GetSampleFileOffset denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1451",
"datePublished": "2023-03-17T06:49:07.914Z",
"dateReserved": "2023-03-17T06:48:48.619Z",
"dateUpdated": "2024-08-02T05:49:11.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1450 (GCVE-0-2023-1450)
Vulnerability from cvelistv5 – Published: 2023-03-17 06:47 – Updated: 2025-02-26 14:48
VLAI?
Title
MP4v2 mp4trackdump.cpp DumpTrack denial of service
Summary
A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295.
Severity ?
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.223295"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.223295"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1450",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:48:35.248364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T14:48:56.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MP4v2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "10cksYiqiyinHangzhouTechnology (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in MP4v2 2.1.2 gefunden. Davon betroffen ist die Funktion DumpTrack der Datei mp4trackdump.cpp. Mittels Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T08:59:52.295Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.223295"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.223295"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-17T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-11T10:21:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "MP4v2 mp4trackdump.cpp DumpTrack denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1450",
"datePublished": "2023-03-17T06:47:51.148Z",
"dateReserved": "2023-03-17T06:47:22.882Z",
"dateUpdated": "2025-02-26T14:48:56.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17236 (GCVE-0-2018-17236)
Vulnerability from cvelistv5 – Published: 2018-09-20 00:00 – Updated: 2024-08-05 10:47
VLAI?
Summary
The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2018-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629453"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629453"
},
{
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17236",
"datePublished": "2018-09-20T00:00:00.000Z",
"dateReserved": "2018-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:47:04.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17235 (GCVE-0-2018-17235)
Vulnerability from cvelistv5 – Published: 2018-09-20 00:00 – Updated: 2024-08-05 10:47
VLAI?
Summary
The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2018-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629451"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629451"
},
{
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17235",
"datePublished": "2018-09-20T00:00:00.000Z",
"dateReserved": "2018-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:47:04.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7339 (GCVE-0-2018-7339)
Vulnerability from cvelistv5 – Published: 2018-02-23 14:00 – Updated: 2024-08-05 06:24
VLAI?
Summary
The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2018-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pingsuewim/libmp4_bof"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-23T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pingsuewim/libmp4_bof"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pingsuewim/libmp4_bof",
"refsource": "MISC",
"url": "https://github.com/pingsuewim/libmp4_bof"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7339",
"datePublished": "2018-02-23T14:00:00.000Z",
"dateReserved": "2018-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}