Description
The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/pingsuewim/libmp4_bof
Scores
CVSS v3
8.8
EPSS
0.0140
EPSS Percentile
69.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
mp4v2_project/mp4v2
< 2.0.0
Published
Feb 23, 2018
Tracked Since
Feb 18, 2026