CVE-2023-1450

A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc	Exploit Third Party Advisory
https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16	Exploit
https://vuldb.com/?ctiid.223295	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.223295	Permissions Required Third Party Advisory VDB Entry
https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc	Exploit Third Party Advisory
https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16	Exploit
https://vuldb.com/?ctiid.223295	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.223295	Permissions Required Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:mp4v2_project:mp4v2:2.1.2:*:*:*:*:*:*:*

History

21 Nov 2024, 07:39

Type	Values Removed	Values Added
CVSS	v2 : ~~1.7~~ v3 : ~~5.5~~	v2 : 1.7 v3 : 3.3
References	~~() https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc - Exploit, Third Party Advisory~~	() https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc - Exploit, Third Party Advisory
References	~~() https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16 - Exploit~~	() https://github.com/10cksYiqiyinHangzhouTechnology/mp4v2_trackdump_poc/blob/main/id_000005%2Csig_08%2Csrc_000166%2B000357%2Ctime_3137250%2Cexecs_3545598%2Cop_splice%2Crep_16 - Exploit
References	~~() https://vuldb.com/?ctiid.223295 - Permissions Required, Third Party Advisory, VDB Entry~~	() https://vuldb.com/?ctiid.223295 - Permissions Required, Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?id.223295 - Permissions Required, Third Party Advisory, VDB Entry~~	() https://vuldb.com/?id.223295 - Permissions Required, Third Party Advisory, VDB Entry

Information

Published : 2023-03-17 07:15

Updated : 2024-11-21 07:39

NVD link : CVE-2023-1450

Mitre link : CVE-2023-1450

CVE.ORG link : CVE-2023-1450

JSON object : View

Products Affected

mp4v2_project

mp4v2

CWE

CWE-404

Improper Resource Shutdown or Release

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2023-1450

3.3^/10

1.7^/10

Attach tags to `CVE-2023-1450`