CVE-2023-1451

Published: Mar 17, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296.

Affected (1)

Products: Mp4v2 Project: Mp4v2

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mp4v2 Project Mp4v2	Version 2.1.2

Related CWEs

Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

References (8)

https://github.com/RichTrouble/mp4v2_mp4track_poc

Source: cna@vuldb.com

ExploitThird Party Advisory

https://github.com/RichTrouble/mp4v2_mp4track_poc/blob/main/id_000000%2Csig_08%2Csrc_001076%2Ctime_147809374%2Cexecs_155756872%2Cop_havoc%2Crep_8

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.223296

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.223296

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://github.com/RichTrouble/mp4v2_mp4track_poc

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/RichTrouble/mp4v2_mp4track_poc/blob/main/id_000000%2Csig_08%2Csrc_001076%2Ctime_147809374%2Cexecs_155756872%2Cop_havoc%2Crep_8

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://vuldb.com/?ctiid.223296

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.223296

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

Timeline

No history available yet.