CVE-2022-40438 An overflow vulnerability in mp42aac in Bento4 v1.6.0-639 allows attackers to cause a denial of service.
MFSA 2016-07: Security researcher Haosheng Peng discovered a vulnerability in the font parsing function of MP4 1.0 and 2.0 files. When a malformed MP4 file is parsed by a user-installed video player, it could lead to arbitrary code execution. This issue was resolved in v1.6.0+ with a software update. Reference: http://haos.engr.dkuug.dk/projects/MP4/MF#CVE-2016-8569 MFSA 2016-08: Security researcher Arthur Gautier from the Google Project Zero team discovered a type confusion vulnerability in vorbis audio parsing in MP4 1.0 and 2.0 files. On parsing a malformed MP4 file, a user-installed video player could lead to a type confusion issue, resulting in remote code execution. This issue was resolved in v1.6.0+ with a software update. Reference: https://www.google.com/url?q=https://mj.search.htt...d=5CF814D74E7D6DCE&sa=D&ved=2ahUKEwjg9n0kd7vAhXWQKHXVQCQQsAQFggiM# This issue was resolved in v1.6.0+ with a software update. MFSA 2016-09: Security researcher Arthur Gautier from the Google
Video and HTML parsing vulnerabilities
Security researcher Haosheng Peng discovered that MP4 1.0 and 2.0 files could behave differently depending on the platform they are parsed by, giving a user-installed video player access to certain functions that were not intended to be accessed. This issue was resolved in v1.6.0+ with a software update. Reference: http://haos.engr.dkuug.dk/projects/MP4/MF#CVE-2022-40438
Timeline
Published on: 09/14/2022 21:15:00 UTC
Last modified on: 09/19/2022 16:38:00 UTC