Ruikai Liu

**Name of the Vulnerable Software and Affected Versions** MP4v2 version 2.0.0 **Description** The issue arises from the `MP4NameFirstMatches` function in `mp4util.cpp`, which incorrectly handles substrings of atom names. This mishandling leads to the use of an inappropriate data type for associated atoms, resulting in type confusion. The type confusion can cause out-of-bounds memory access. **Recommendations** For MP4v2 version 2.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP4v2 version 2.0.0 **Description** The issue arises from a type confusion in the MP4Atom::factory function within mp4atom.cpp, where MP4ItemAtom is used instead of the required MP4DataAtom. This confusion occurs when handling a crafted MP4 file, leading to potential memory corruption or other unspecified impacts due to differing expectations about the data structure's layout. **Recommendations** For MP4v2 version 2.0.0, consider applying a patch that corrects the type confusion in the MP4Atom::factory function to use MP4DataAtom as required, ensuring proper handling of MP4 files and preventing potential memory corruption or other issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP4v2 version 2.0.0 **Description** The issue arises from an integer underflow that leads to memory corruption when parsing MP4Atom in mp4atom.cpp. **Recommendations** For MP4v2 version 2.0.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MP4v2 version 2.0.0 **Description** The issue is related to an integer overflow that results in memory corruption when resizing MP4Array for the ftyp atom in mp4array.h. **Recommendations** For MP4v2 version 2.0.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MP4v2 version 2.0.0 **Description** A double free issue exists in the MP4StringProperty class, located in mp4property.cpp. This occurs when a dangling pointer is freed again in the destructor after an exception is triggered. **Recommendations** For MP4v2 version 2.0.0, consider applying a patch or fix to address the double free issue in the MP4StringProperty class to prevent potential crashes or code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.30 **Description** The issue is related to an integer overflow in the `load specific debug section()` function in objdump.c. This overflow results in `malloc()` being called with a size of 0. A crafted ELF file can be used by remote attackers to cause a denial of service, leading to an application crash, or possibly having other unspecified impacts. **Recommendations** For GNU Binutils version 2.30, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the use of the `load specific debug section()` function in objdump.c to minimize the risk of exploitation. Avoid processing crafted ELF files until the issue is resolved.