CVE Vulnerabilities

CVE-2018-14325

Integer Underflow (Wrap or Wraparound)

Published: Jul 16, 2018 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.

Weakness

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Affected Software

Name Vendor Start Version End Version
Mp4v2 Techsmith 2.0.0 (including) 2.0.0 (including)
Mp4v2 Ubuntu artful *
Mp4v2 Ubuntu bionic *
Mp4v2 Ubuntu cosmic *
Mp4v2 Ubuntu esm-apps/bionic *
Mp4v2 Ubuntu esm-apps/xenial *
Mp4v2 Ubuntu trusty *
Mp4v2 Ubuntu upstream *
Mp4v2 Ubuntu xenial *

References