Source: mp4v2 Version: 2.0.0~dfsg0-1 Severity: important Tags: security upstream
Hi, the following vulnerability was published for mp4v2. CVE-2018-7339[0]: | The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles | Entry Number validation for the MP4 Table Property, which allows remote | attackers to cause a denial of service (overflow, insufficient memory | allocation, and segmentation fault) or possibly have unspecified other | impact via a crafted mp4 file. Not clear, is there still an upstream active? If so has the report been make aware to the developers? If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-7339 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7339 [1] https://github.com/pingsuewim/libmp4_bof Regards, Salvatore _______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
