CVE-2023-29578
https://notcve.org/view.php?id=CVE-2023-29578
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. • https://github.com/TechSmith/mp4v2/issues/74 https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/mp4property.cpp/readme.md • CWE-787: Out-of-bounds Write •
CVE-2023-29584
https://notcve.org/view.php?id=CVE-2023-29584
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp. • https://github.com/enzo1982/mp4v2/issues/30 https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/MP4GetVideoProfileLevel/readme.md • CWE-787: Out-of-bounds Write •
CVE-2023-1451 – MP4v2 mp4track.cpp GetSampleFileOffset denial of service
https://notcve.org/view.php?id=CVE-2023-1451
A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. The attack requires local access. • https://github.com/RichTrouble/mp4v2_mp4track_poc https://github.com/RichTrouble/mp4v2_mp4track_poc/blob/main/id_000000%2Csig_08%2Csrc_001076%2Ctime_147809374%2Cexecs_155756872%2Cop_havoc%2Crep_8 https://vuldb.com/?ctiid.223296 https://vuldb.com/?id.223296 • CWE-404: Improper Resource Shutdown or Release •
CVE-2023-1450 – MP4v2 mp4trackdump.cpp DumpTrack denial of service
https://notcve.org/view.php?id=CVE-2023-1450
A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack requires local access. The exploit has been disclosed to the public and may be used. • https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16 https://vuldb.com/?ctiid.223295 https://vuldb.com/?id.223295 • CWE-404: Improper Resource Shutdown or Release •
CVE-2018-17235
https://notcve.org/view.php?id=CVE-2018-17235
The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1629451 https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0 • CWE-125: Out-of-bounds Read •