| CVE-2018-14403 |
AVG-848 |
High |
No |
Information disclosure |
MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms.... |
| CVE-2018-14379 |
AVG-848 |
Medium |
No |
Denial of service |
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows... |
| CVE-2018-14326 |
AVG-848 |
High |
No |
Arbitrary code execution |
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. |
| CVE-2018-14325 |
AVG-848 |
High |
No |
Arbitrary code execution |
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. |
| CVE-2018-14054 |
AVG-848 |
Low |
No |
Denial of service |
A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception... |