Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17236 | 1 Mp4v2 Project | 1 Mp4v2 | 2018-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal. | |||||
| CVE-2018-17235 | 1 Mp4v2 Project | 1 Mp4v2 | 2018-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service. | |||||
| CVE-2018-7339 | 1 Mp4v2 Project | 1 Mp4v2 | 2018-03-18 | 6.8 MEDIUM | 8.8 HIGH |
| The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file. | |||||