PT-2018-13961 · Videolan · Libmp4V2
Ace Team
+1
·
Published
2018-09-20
·
Updated
2023-04-11
·
CVE-2018-17236
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libmp4v2 version 2.1.0
Description
The issue arises from the function
MP4Free() in mp4property.cpp, which internally calls free() on an invalid pointer. This results in a SIGABRT signal being raised.Recommendations
For libmp4v2 version 2.1.0, consider disabling the
MP4Free() function as a temporary workaround until a patch is available.Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libmp4V2