MFSA 2016-07: Security researcher Haosheng Peng discovered a vulnerability in the font parsing function of MP4 1.0 and 2.0 files. When a malformed MP4 file is parsed by a user-installed video player, it could lead to arbitrary code execution. This issue was resolved in v1.6.0+ with a software update. Reference: http://haos.engr.dkuug.dk/projects/MP4/MF#CVE-2016-8569 MFSA 2016-08: Security researcher Arthur Gautier from the Google Project Zero team discovered a type confusion vulnerability in vorbis audio parsing in MP4 1.0 and 2.0 files. On parsing a malformed MP4 file, a user-installed video player could lead to a type confusion issue, resulting in remote code execution. This issue was resolved in v1.6.0+ with a software update. Reference: https://www.google.com/url?q=https://mj.search.htt...d=5CF814D74E7D6DCE&sa=D&ved=2ahUKEwjg9n0kd7vAhXWQKHXVQCQQsAQFggiM# This issue was resolved in v1.6.0+ with a software update. MFSA 2016-09: Security researcher Arthur Gautier from the Google

Video and HTML parsing vulnerabilities

Security researcher Haosheng Peng discovered that MP4 1.0 and 2.0 files could behave differently depending on the platform they are parsed by, giving a user-installed video player access to certain functions that were not intended to be accessed. This issue was resolved in v1.6.0+ with a software update. Reference: http://haos.engr.dkuug.dk/projects/MP4/MF#CVE-2022-40438

Timeline

Published on: 09/14/2022 21:15:00 UTC
Last modified on: 09/19/2022 16:38:00 UTC

References