Vulnerabilities > Mp4V2 Project > Mp4V2 > 2.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-20 | CVE-2018-17236 | Use After Free vulnerability in Mp4V2 Project Mp4V2 2.1.0 The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal. | 4.3 |
2018-09-20 | CVE-2018-17235 | Out-of-bounds Read vulnerability in Mp4V2 Project Mp4V2 2.1.0 The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service. | 4.3 |