CVE-2023-38858

Published: Aug 15, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.

Affected (1)

Products: Faad2 Project: Faad2

Faad2 Project

1 product

Faad2

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Faad2 Project Faad2	Version 2.10.1

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://github.com/knik0/faad2/issues/173

Source: cve@mitre.org

ExploitIssue Tracking

https://security.gentoo.org/glsa/202401-13

Source: cve@mitre.org

https://github.com/knik0/faad2/issues/173

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://security.gentoo.org/glsa/202401-13

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.