Casperslei

Name of the Vulnerable Software and Affected Versions: MediaInfo versions prior to 20.08 Description: The issue is a heap buffer overflow vulnerability. It occurs via MediaInfoLib::File Gxf::ChooseParser ChannelGrouping. Recommendations: For versions prior to 20.08, update to version 20.08 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MediaInfo versions 20.03 **Description** The issue is a stack-based buffer over-read in the `Streams Fill PerStream` function in `Multiple/File MpegPs.cpp`, which occurs during MpegPs parsing and can be described as an off-by-one error. **Recommendations** For MediaInfo version 20.03, consider updating to a newer version to resolve the issue, as the current version contains a stack-based buffer over-read that could be exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.