Skip to main content

Mp4V2 CVE-2023-33717

MEDIUM
Memory Leak (CWE-401)
2023-06-02 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 02, 2023 - 12:15 nvd
MEDIUM 5.5

DescriptionNVD

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes()

AnalysisAI

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes() Affected products include: Mp4V2 Project Mp4V2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.

More in Mp4V2

View all
CVE-2018-14403 CRITICAL POC
9.8 Jul 19

MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriat

CVE-2018-14054 CRITICAL POC
9.8 Jul 13

A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. Rated critical severity (CVSS 9.8

CVE-2023-33718 HIGH POC
8.8 May 31

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp. Rated high severity (C

CVE-2023-29578 HIGH POC
8.8 Apr 24

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty

CVE-2023-29584 HIGH POC
8.8 Apr 14

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp.

CVE-2018-14326 HIGH POC
8.8 Jul 16

In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom

CVE-2018-14325 HIGH POC
8.8 Jul 16

In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. Ra

CVE-2023-33720 MEDIUM POC
6.5 May 26

mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. Rated medium severity (CVSS 6.5), t

CVE-2018-17236 MEDIUM POC
6.5 Sep 20

The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGA

CVE-2023-33719 MEDIUM POC
5.5 Jun 01

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp. Rated medium severity (CVSS

CVE-2023-1451 MEDIUM POC
5.5 Mar 17

A vulnerability was found in MP4v2 2.1.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

CVE-2023-1450 MEDIUM POC
5.5 Mar 17

A vulnerability was found in MP4v2 2.1.2 and classified as problematic.cpp. Rated medium severity (CVSS 5.5), this vulne

Share

CVE-2023-33717 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy