Description
A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296.
References (4)
Core 4
Core References
Permissions Required, Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.223296
Permissions Required, Third Party Advisory, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.223296
Exploit, Third Party Advisory exploit
https://github.com/RichTrouble/mp4v2_mp4track_poc
Scores
CVSS v3
3.3
EPSS
0.0037
EPSS Percentile
28.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-404
Status
published
Products (1)
mp4v2_project/mp4v2
2.1.2
Published
Mar 17, 2023
Tracked Since
Feb 18, 2026