CVE-2023-33720: mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.
CVE-2023-33716 (https://github.com/enzo1982/mp4v2/issues/36): mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp.

CVE-2023-33717 (https://github.com/enzo1982/mp4v2/issues/37): mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes().

CVE-2023-33718 (https://github.com/enzo1982/mp4v2/issues/37): mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp.

CVE-2023-33719 (https://github.com/enzo1982/mp4v2/issues/37): mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp.

All have linked patches.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a61d5d15bb1c95d443c0e00c94b5b023d090a889

commit a61d5d15bb1c95d443c0e00c94b5b023d090a889
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2023-06-04 07:48:36 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2023-06-04 07:48:36 +0000

    media-libs/libmp4v2: fixed mem leaks

    Bug: https://bugs.gentoo.org/907275
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 .../files/libmp4v2-2.0.0-unsigned-int-cast.patch |  21 ---
 .../files/libmp4v2-2.1.3-mem-leaks-1.patch | 150 +++++++++++++++++++++
 .../files/libmp4v2-2.1.3-mem-leaks-2.patch |  30 +++++
 media-libs/libmp4v2/libmp4v2-2.1.3-r1.ebuild |  34 +++++
 4 files changed, 214 insertions(+), 21 deletions(-)
fixed mem leaks from comment 1