本页列出影响 techsmith mp4v2 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2018-14446 | MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file. | [email protected] | 8.8 | 2.38% | 2018-07-20 | 2026-06-16 |
| CVE-2018-14403 | MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access. | [email protected] | 9.8 | 2.60% | 2018-07-19 | 2026-06-16 |
| CVE-2018-14379 | MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion. | [email protected] | 8.8 | 2.18% | 2018-07-18 | 2026-06-16 |
| CVE-2018-14326 | In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. | [email protected] | 8.8 | 1.87% | 2018-07-16 | 2026-06-16 |
| CVE-2018-14325 | In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. | [email protected] | 8.8 | 1.98% | 2018-07-16 | 2026-06-16 |
| CVE-2018-14054 | A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. | [email protected] | 9.8 | 2.60% | 2018-07-13 | 2026-06-16 |