In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. A dangling pointer is freed again in the destructor once an exception is triggered. MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.Ī double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0.
0 Comments
Leave a Reply. |