Skip to main content

Mp4V2

18 CVEs product

Monthly

CVE-2023-33717 MEDIUM POC This Month

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33719 MEDIUM POC This Month

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33716 MEDIUM This Month

mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33718 HIGH POC This Week

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33720 MEDIUM POC This Month

mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-29578 HIGH POC This Week

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-29584 HIGH POC This Week

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1451 MEDIUM POC This Month

A vulnerability was found in MP4v2 2.1.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1450 MEDIUM POC This Month

A vulnerability was found in MP4v2 2.1.2 and classified as problematic.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-17236 MEDIUM POC This Month

The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Mp4V2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-17235 MEDIUM This Month

The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-14446 HIGH This Week

MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-14403 CRITICAL POC Act Now

MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-14379 HIGH This Week

MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-14326 HIGH POC This Week

In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-14325 HIGH POC This Week

In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-14054 CRITICAL POC Act Now

A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-7339 HIGH This Week

The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mp4V2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mp4V2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in MP4v2 2.1.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in MP4v2 2.1.2 and classified as problematic.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mp4V2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mp4V2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mp4V2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mp4V2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mp4V2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy