Vulnerabilities > CVE-2018-14448 - NULL Pointer Dereference vulnerability in Untrunc Project Untrunc 20180607

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

untrunc-project

CWE-476

NVD

Published: 2018-07-20

Updated: 2018-09-14

Summary

Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav.

Vulnerable Configurations

Part	Description	Count
Application	Untrunc_Project Untrunc Project Untrunc 2018-06-07	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

http://hac425.unaux.com/index.php/archives/66/
https://github.com/ponchio/untrunc/issues/131