CVE-2023-33717

Published: Jun 2, 2023Modified: Jan 8, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes()

Affected (1)

Products: Mp4v2 Project: Mp4v2

Mp4v2 Project

1 product

Mp4v2

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mp4v2 Project Mp4v2	Version 2.1.3

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (4)

https://github.com/enzo1982/mp4v2/

Source: cve@mitre.org

Product

https://github.com/enzo1982/mp4v2/issues/37

Source: cve@mitre.org

ExploitIssue Tracking

https://github.com/enzo1982/mp4v2/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/enzo1982/mp4v2/issues/37

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.