Bug#893544: mp4v2: CVE-2018-7339
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 19 19:49:14 GMT 2018
Source: mp4v2
Version: 2.0.0~dfsg0-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for mp4v2.
CVE-2018-7339[0]:
| The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles
| Entry Number validation for the MP4 Table Property, which allows remote
| attackers to cause a denial of service (overflow, insufficient memory
| allocation, and segmentation fault) or possibly have unspecified other
| impact via a crafted mp4 file.
Not clear, is there still an upstream active? If so, have the
developers been made aware of the report?
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-7339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7339
[1] https://github.com/pingsuewim/libmp4_bof
Regards,
Salvatore
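
The kind of check the CVE description points at (validating a file-supplied entry count before a table is sized from it), as an added example that is not part of the original message and is not MP4v2 code. The function names, the 4-byte count field and the fixed 4-byte entry size are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helper, not MP4v2 code: accept a file-supplied entry count only
// if count * entry_size fits in the bytes left in the enclosing atom.
bool checked_table_bytes(std::uint32_t count, std::size_t entry_size,
                         std::size_t remaining, std::size_t* out_bytes) {
    if (entry_size == 0) return false;
    // Division form avoids the wraparound that count * entry_size could hit.
    if (count > remaining / entry_size) return false;
    *out_bytes = static_cast<std::size_t>(count) * entry_size;
    return true;
}

static std::uint32_t be32(const std::vector<std::uint8_t>& b, std::size_t off) {
    return (std::uint32_t(b[off]) << 24) | (std::uint32_t(b[off + 1]) << 16) |
           (std::uint32_t(b[off + 2]) << 8) | std::uint32_t(b[off + 3]);
}

// Constructed layout for the example: 4-byte big-endian count, then
// count 4-byte big-endian entries. Returns false on malformed input.
bool read_u32_table(const std::vector<std::uint8_t>& buf,
                    std::vector<std::uint32_t>& out) {
    out.clear();
    if (buf.size() < 4) return false;
    const std::uint32_t count = be32(buf, 0);
    std::size_t bytes = 0;
    if (!checked_table_bytes(count, 4, buf.size() - 4, &bytes)) return false;
    out.reserve(count);  // safe: count is bounded by the data actually present
    for (std::size_t off = 4; off < 4 + bytes; off += 4)
        out.push_back(be32(buf, off));
    return true;
}

int main() {
    // Constructed inputs: a well-formed table and one with an inflated count.
    const std::vector<std::uint8_t> good = {0, 0, 0, 2, 0, 0, 0, 1, 0, 0, 0, 5};
    const std::vector<std::uint8_t> bad = {0xFF, 0xFF, 0xFF, 0xFF, 0, 0, 0, 1};
    std::vector<std::uint32_t> t;
    std::printf("good: %d\n", read_u32_table(good, t));
    std::printf("bad:  %d\n", read_u32_table(bad, t));
    return 0;
}
```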