PT-2023-16993 · Mp4V2 · Mp4V2
Ccpx
·
Published
2023-03-17
·
Updated
2024-05-17
·
CVE-2023-1451
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
MP4v2 version 2.1.2
Description
A vulnerability was found in the function
mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.Recommendations
For MP4v2 version 2.1.2, consider disabling the
mp4v2::impl::MP4Track::GetSampleFileOffset function until a patch is available. Restrict access to the mp4track.cpp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mp4V2