CVE-2018-14403

Published: Jul 19, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.

Affected (1)

Products: Techsmith: Mp4v2

Techsmith

1 product

Mp4v2

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Techsmith Mp4v2	Version 2.0.0

Related CWEs

CWE-704

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

References (10)

http://www.openwall.com/lists/oss-security/2018/07/18/3

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCHVOYPIBGM5HYUMQ77KZH2IHSITKVE/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRSO2IMK6P7MOIZWGWKONPIEHKBA7WL3/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2018/07/18/3