-
Notifications
You must be signed in to change notification settings - Fork 476
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Infinite loop in AP4_FtypAtom #233
Comments
fixed on master branch |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5253 has been assigned for this vulnerability. |
Is it possible to differentiate "current" vulnerabilities from "old" ones (i.e vulnerabilities that have been fixed). This one was fixed a year ago. |
@barbibulle I didn't request CVE identifier. It was probably requested by @xcainiao. If this was previously fixed and announced CVE should be REJECTED. I added information about CVE here as distros and other CVE database users might need it. In my opinion this should be done automatically, but I haven't yet made a tool for it. |
MP4 To AAC File Converter - Version 1.0
(Bento4 Version 1.5.1.0)
(c) 2002-2008 Axiomatic Systems, LLC
./mp42aac @@testcase ./out.aac
AP4_FtypAtom: if size not zero Infinite loop
testcase:https://github.com/xcainiao/poc/blob/master/Bento4_AP4_FtypAtom_Infinite_loop
Credit: topsec@zhangwy
The text was updated successfully, but these errors were encountered: