MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.
The product does not correctly convert an object, resource, or structure from one type to a different type.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mp4v2 | Techsmith | 2.0.0 (including) | 2.0.0 (including) |
Mp4v2 | Ubuntu | artful | * |
Mp4v2 | Ubuntu | bionic | * |
Mp4v2 | Ubuntu | cosmic | * |
Mp4v2 | Ubuntu | esm-apps/bionic | * |
Mp4v2 | Ubuntu | esm-apps/xenial | * |
Mp4v2 | Ubuntu | trusty | * |
Mp4v2 | Ubuntu | upstream | * |
Mp4v2 | Ubuntu | xenial | * |