Upstream: https://github.com/sergiomb2/libmp4v2/commit/a94a3372c6ef66a2276cc6cd92f7ec07a9c8bb6b Gentoo Bug: https://bugs.gentoo.org/661582 From a94a3372c6ef66a2276cc6cd92f7ec07a9c8bb6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= Date: Wed, 17 Oct 2018 16:13:06 +0100 Subject: [PATCH] Fix Out-of-bounds memory access in MP4v2 2.0.0 The bug can be fixed by more checks when doing type comparison. Reference: https://www.openwall.com/lists/oss-security/2018/07/18/3 Addresses https://nvd.nist.gov/vuln/detail/CVE-2018-14403 --- src/mp4util.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mp4util.cpp b/src/mp4util.cpp index 47bd74e..696dab4 100644 --- a/src/mp4util.cpp +++ b/src/mp4util.cpp @@ -46,6 +46,7 @@ bool MP4NameFirstMatches(const char* s1, const char* s2) s1++; s2++; } + if(*s2 != '[' && *s2 != '.' && *s2 != '\0') return false; return true; }