CVE-2018-14403 - MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to us

CVE-2018-14403

Summary

MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.

References

http://www.openwall.com/lists/oss-security/2018/07/18/3
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YCHVOYPIBGM5HYUMQ77KZH2IHSITKVE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRSO2IMK6P7MOIZWGWKONPIEHKBA7WL3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/
https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0

Vulnerable Configurations

cpe:2.3:a:techsmith:mp4v2:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:techsmith:mp4v2:2.0.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-04-2023 - 14:15)
Impact:
Exploitability:

CWE

CWE-704

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

fedora	FEDORA-2019-1030f4816a FEDORA-2019-6469ad8129 FEDORA-2019-d53d4a79ac
misc	http://www.openwall.com/lists/oss-security/2018/07/18/3

Last major update

11-04-2023 - 14:15

Published

19-07-2018 - 05:29

Last modified

11-04-2023 - 14:15