CVE-2026-5236

A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument npresentations leads to heap-based buffer overflow. The attack needs to be performed...

CVE-2026-5235 Axiomatic Bento4 MP4 File Ap4Dac4Atom.cpp ReadCache heap-based overflow

A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been...

Linux Distros Unpatched Vulnerability : CVE-2022-41425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4Processor::ProcessFragments function in mp4decrypt. CVE-2022-41425 Note that...

Linux Distros Unpatched Vulnerability : CVE-2018-20407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as...

Linux Distros Unpatched Vulnerability : CVE-2018-5253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The AP4FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling. CVE-2018-5253 Note...

Linux Distros Unpatched Vulnerability : CVE-2022-31285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. CVE-2022-31285 Note that Nessus relies on the presence of...

CVE-2022-40885

Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service...

PT-2025-3460 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 mp42avc version 3bdc891602d19789b8e8626e4a3e613a937b4d35 Description: The issue allows a local attacker to execute arbitrary code via the AP4 MemoryByteStream::WritePartial function. This is a buffer overflow vulnerability...

UBUNTU-CVE-2022-41428

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4BitReader::ReadBits function in mp4mux...

PT-2022-25858 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639 Description: A memory leak was discovered in Bento4 via the AP4 SttsAtom::Create function in mp42hls. Recommendations: For version 1.6.0-639, consider restricting the use of the AP4 SttsAtom::Create function until a...

PT-2022-25533 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 versions 1.6.0-639 and earlier Description: An issue was discovered in Bento4, where there is a NULL pointer dereference in the AP4 StszAtom::GetSampleSize function. Recommendations: For Bento4 versions 1.6.0-639 and earlier, consider...

UBUNTU-CVE-2021-40943

In Bento4 1.6.0-638, there is a null pointer reference in the function AP4DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service DOS...

CVE-2020-23332

A heap-based buffer overflow exists in the AP4StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service DOS...

CVE-2018-5253

The AP4FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling...

UBUNTU-CVE-2017-14645

A heap-based buffer over-read was discovered in AP4BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service...