CVE-2018-14379

Name of the Vulnerable Software and Affected Versions MP4v2 version 2.0.0

Description The issue arises from a type confusion in the MP4Atom::factory function within mp4atom.cpp, where MP4ItemAtom is used instead of the required MP4DataAtom. This confusion occurs when handling a crafted MP4 file, leading to potential memory corruption or other unspecified impacts due to differing expectations about the data structure's layout.

Recommendations For MP4v2 version 2.0.0, consider applying a patch that corrects the type confusion in the MP4Atom::factory function to use MP4DataAtom as required, ensuring proper handling of MP4 files and preventing potential memory corruption or other issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.