libmp4v2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An API to create and modify mp4 files as defined by ISO-IEC:14496-1:2001 MPEG-4 Systems
Version 4.1.3-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-848 2.0.0-5 4.1.3-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-14403 AVG-848 High No Information disclosure
MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms....
CVE-2018-14379 AVG-848 Medium No Denial of service
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows...
CVE-2018-14326 AVG-848 High No Arbitrary code execution
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.
CVE-2018-14325 AVG-848 High No Arbitrary code execution
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
CVE-2018-14054 AVG-848 Low No Denial of service
A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception...