Bento4 Security Vulnerabilities and Issues — Bento4 CVE List

Lucene search

AxiosysBento4

155 matches found

CVE•added 2019/10/12 8:15 p.m.•143 views

CVE-2019-17529

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.

7.8CVSS7.6AI score0.00165EPSS

CVE•added 2019/10/12 8:15 p.m.•138 views

CVE-2019-17530

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.

7.8CVSS7.6AI score0.00165EPSS

CVE•added 2019/10/12 8:15 p.m.•133 views

CVE-2019-17528

An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.

7.5CVSS7.5AI score0.00403EPSS

CVE•added 2023/04/12 1:15 p.m.•103 views

CVE-2023-29574

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.

5.5CVSS5.5AI score0.0003EPSS

CVE•added 2019/12/30 4:15 a.m.•93 views

CVE-2019-20090

An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.

7.8CVSS7.6AI score0.00254EPSS

CVE•added 2019/12/30 4:15 a.m.•90 views

CVE-2019-20091

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.

5.5CVSS5.5AI score0.00266EPSS

CVE•added 2019/12/30 4:15 a.m.•90 views

CVE-2019-20092

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.

5.5CVSS5.5AI score0.00266EPSS

CVE•added 2022/03/21 11:15 p.m.•85 views

CVE-2022-27607

Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531.

8.1CVSS8.9AI score0.00468EPSS

CVE•added 2021/07/13 10:15 p.m.•83 views

CVE-2020-19721

A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).

6.5CVSS6.6AI score0.00435EPSS

CVE•added 2024/02/09 3:15 p.m.•73 views

CVE-2024-25452

Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.

5.5CVSS5.5AI score0.0002EPSS

CVE•added 2024/02/29 1:44 a.m.•72 views

CVE-2024-24155

Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.

6.5CVSS6.5AI score0.00278EPSS

CVE•added 2024/02/09 3:15 p.m.•72 views

CVE-2024-25451

Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.

6.5CVSS6.5AI score0.00054EPSS

CVE•added 2021/08/13 9:15 p.m.•68 views

CVE-2020-21066

An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.

6.5CVSS6.3AI score0.0026EPSS

CVE•added 2022/10/26 7:15 p.m.•65 views

CVE-2022-3667

A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely...

7.5CVSS7.5AI score0.00063EPSS

CVE•added 2019/10/10 5:15 p.m.•62 views

CVE-2019-17452

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.

6.5CVSS6.4AI score0.00285EPSS

CVE•added 2022/06/10 6:15 p.m.•62 views

CVE-2022-31287

An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp.

5.5CVSS5.5AI score0.00157EPSS

CVE•added 2022/10/31 9:15 p.m.•61 views

CVE-2022-3785

A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclos...

7.8CVSS6.9AI score0.00109EPSS

CVE•added 2024/02/09 3:15 p.m.•61 views

CVE-2024-25454

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.

5.5CVSS5.5AI score0.0002EPSS

CVE•added 2019/07/18 7:15 p.m.•60 views

CVE-2019-13959

In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.

6.5CVSS6.2AI score0.00312EPSS

CVE•added 2022/10/26 7:15 p.m.•60 views

CVE-2022-3668

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to th...

5.5CVSS5.4AI score0.00053EPSS

CVE•added 2022/10/26 7:15 p.m.•60 views

CVE-2022-3670

A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may...

7.8CVSS7.5AI score0.00137EPSS

CVE•added 2021/08/17 10:15 p.m.•59 views

CVE-2020-23332

A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS).

7.5CVSS7.5AI score0.00405EPSS

CVE•added 2022/10/26 7:15 p.m.•58 views

CVE-2022-3663

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disc...

5.5CVSS5.4AI score0.00053EPSS

CVE•added 2022/10/26 7:15 p.m.•58 views

CVE-2022-3664

A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has be...

7.8CVSS7.6AI score0.00064EPSS

CVE•added 2021/08/17 10:15 p.m.•56 views

CVE-2020-23331

An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).

7.5CVSS7.2AI score0.00336EPSS

CVE•added 2022/10/26 7:15 p.m.•56 views

CVE-2022-3662

A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the ...

7.8CVSS7.4AI score0.0007EPSS

CVE•added 2022/10/03 2:15 p.m.•56 views

CVE-2022-41425

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt.

6.5CVSS6.4AI score0.00103EPSS

CVE•added 2022/05/16 2:15 p.m.•55 views

CVE-2022-29017

Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S.

5.5CVSS5.5AI score0.00131EPSS

CVE•added 2022/10/26 7:15 p.m.•55 views

CVE-2022-3666

A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit...

7.8CVSS7.4AI score0.00071EPSS

CVE•added 2022/10/26 7:15 p.m.•55 views

CVE-2022-3669

A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The ...

5.5CVSS5.4AI score0.00097EPSS

CVE•added 2021/07/13 10:15 p.m.•54 views

CVE-2020-19717

An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

6.5CVSS6.3AI score0.00285EPSS

CVE•added 2021/08/17 10:15 p.m.•54 views

CVE-2020-23334

A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault.

7.5CVSS7.4AI score0.00334EPSS

CVE•added 2025/02/19 11:15 p.m.•54 views

CVE-2025-25943

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp.

7.8CVSS7.3AI score0.00049EPSS

CVE•added 2024/04/02 6:15 p.m.•53 views

CVE-2024-30808

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

2.7CVSS6.7AI score0.00038EPSS

CVE•added 2021/08/17 10:15 p.m.•52 views

CVE-2020-23333

A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).

7.5CVSS7.5AI score0.00391EPSS

CVE•added 2022/06/10 6:15 p.m.•52 views

CVE-2022-31282

Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175.

5.5CVSS5.5AI score0.00157EPSS

CVE•added 2022/12/17 1:15 p.m.•52 views

CVE-2022-4584

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to t...

8.8CVSS7.6AI score0.00105EPSS

CVE•added 2025/02/19 11:15 p.m.•52 views

CVE-2025-25946

An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially crafted MP4 input file.

5.5CVSS6.6AI score0.00018EPSS

CVE•added 2022/10/03 2:15 p.m.•51 views

CVE-2022-41423

Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component.

6.5CVSS6.4AI score0.00087EPSS

CVE•added 2022/11/13 10:15 a.m.•50 views

CVE-2022-3974

A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched r...

8.8CVSS7.7AI score0.00065EPSS

CVE•added 2022/09/30 5:15 a.m.•50 views

CVE-2022-41845

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h.

5.5CVSS5.5AI score0.00028EPSS

CVE•added 2024/04/02 6:15 p.m.•50 views

CVE-2024-30807

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

7.5CVSS6.7AI score0.00079EPSS

CVE•added 2024/04/02 8:16 a.m.•50 views

CVE-2024-31004

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment.

9.8CVSS7.8AI score0.02968EPSS

CVE•added 2025/02/19 11:15 p.m.•50 views

CVE-2025-25942

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released.

6.5CVSS6.1AI score0.00046EPSS

CVE•added 2025/02/19 11:15 p.m.•50 views

CVE-2025-25947

An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file.

5.5CVSS6.6AI score0.00018EPSS

CVE•added 2021/08/17 10:15 p.m.•49 views

CVE-2020-23330

An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).

7.5CVSS7.2AI score0.00336EPSS

CVE•added 2022/11/01 10:15 p.m.•49 views

CVE-2022-3817

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be u...

6.5CVSS5.5AI score0.00055EPSS

CVE•added 2022/09/30 5:15 a.m.•49 views

CVE-2022-41841

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.

5.5CVSS5.4AI score0.00026EPSS

CVE•added 2024/04/02 6:15 p.m.•49 views

CVE-2024-30806

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.

6.5CVSS7.1AI score0.00146EPSS

CVE•added 2025/02/19 11:15 p.m.•49 views

CVE-2025-25945

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp.

6.5CVSS6.1AI score0.00046EPSS

Total number of security vulnerabilities155