PT-2018-12495 · Mp4V2 · Mp4V2

Ruikai Liu

Publicado

2018-07-19

Atualizado

2023-04-11

CVE-2018-14403

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MP4v2 version 2.0.0

Description The issue arises from the MP4NameFirstMatches function in mp4util.cpp, which incorrectly handles substrings of atom names. This mishandling leads to the use of an inappropriate data type for associated atoms, resulting in type confusion. The type confusion can cause out-of-bounds memory access.

Recommendations For MP4v2 version 2.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Type Conversion or Cast

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-704

Identificadores relacionados

CVE-2018-14403

MGASA-2020-0062

Produtos afetados

Mp4V2

PT-2018-12495 · Mp4V2 · Mp4V2

CVE-2018-14403

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14