Bento4 Security Vulnerabilities and Issues — Page 2 of Bento4 CVE List

Lucene search

AxiosysBento4

155 matches found

CVE•added 2018/07/23 8:29 a.m.•48 views

CVE-2018-14531

An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.

9.8CVSS8.8AI score0.00468EPSS

CVE•added 2021/07/13 10:15 p.m.•48 views

CVE-2020-19718

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

6.5CVSS6.3AI score0.00285EPSS

CVE•added 2022/06/10 6:15 p.m.•48 views

CVE-2022-31285

An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h.

5.5CVSS5.5AI score0.00157EPSS

CVE•added 2022/10/26 7:15 p.m.•48 views

CVE-2022-3665

A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclose...

7.8CVSS7.6AI score0.00064EPSS

CVE•added 2025/02/19 11:15 p.m.•48 views

CVE-2025-25944

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file.

7.3CVSS7.3AI score0.00037EPSS

CVE•added 2021/07/13 10:15 p.m.•47 views

CVE-2020-19719

A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS).

6.5CVSS6.5AI score0.604EPSS

CVE•added 2022/11/01 10:15 p.m.•47 views

CVE-2022-3814

A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of ...

6.5CVSS5.6AI score0.00055EPSS

CVE•added 2022/10/03 2:15 p.m.•47 views

CVE-2022-41419

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.

6.5CVSS6.4AI score0.00086EPSS

CVE•added 2022/10/03 2:15 p.m.•47 views

CVE-2022-41424

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls.

6.5CVSS6.4AI score0.00086EPSS

CVE•added 2022/10/03 2:15 p.m.•47 views

CVE-2022-41427

Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.

6.5CVSS6.4AI score0.00102EPSS

CVE•added 2022/09/30 5:15 a.m.•47 views

CVE-2022-41846

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.

5.5CVSS5.5AI score0.00026EPSS

CVE•added 2022/10/03 2:15 p.m.•46 views

CVE-2022-41429

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag.

8.8CVSS8.8AI score0.00133EPSS

CVE•added 2021/07/13 10:15 p.m.•45 views

CVE-2020-19720

An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).

6.5CVSS6.3AI score0.00285EPSS

CVE•added 2025/02/05 10:15 p.m.•45 views

CVE-2024-57598

A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability.

6.5CVSS6.6AI score0.00177EPSS

CVE•added 2021/07/13 10:15 p.m.•44 views

CVE-2020-19722

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).

6.5CVSS6.3AI score0.00285EPSS

CVE•added 2022/06/28 1:15 p.m.•44 views

CVE-2021-40943

In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).

5.5CVSS5.4AI score0.00142EPSS

CVE•added 2022/08/18 5:15 a.m.•44 views

CVE-2022-35165

An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input.

5.5CVSS5.3AI score0.00028EPSS

CVE•added 2022/09/15 4:15 a.m.•44 views

CVE-2022-40736

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp.

6.5CVSS6.4AI score0.0011EPSS

CVE•added 2022/09/15 4:15 a.m.•44 views

CVE-2022-40738

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write.

6.5CVSS6.4AI score0.00156EPSS

CVE•added 2022/09/18 7:15 p.m.•44 views

CVE-2022-40775

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.

5.5CVSS5.4AI score0.00072EPSS

CVE•added 2024/04/02 8:15 a.m.•44 views

CVE-2024-31002

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.

9.8CVSS7.9AI score0.06236EPSS

CVE•added 2024/04/02 8:16 a.m.•44 views

CVE-2024-31003

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp.

8.8CVSS7.9AI score0.06796EPSS

CVE•added 2025/01/27 8:15 p.m.•44 views

CVE-2025-0751

A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to ...

7.5CVSS7.2AI score0.00056EPSS

CVE•added 2022/10/31 9:15 p.m.•43 views

CVE-2022-3784

A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remo...

7.8CVSS7.1AI score0.00109EPSS

CVE•added 2022/11/02 1:15 p.m.•43 views

CVE-2022-3809

A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclose...

6.5CVSS5.3AI score0.00056EPSS

CVE•added 2022/11/01 10:15 p.m.•43 views

CVE-2022-3812

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the...

6.5CVSS5.4AI score0.00054EPSS

CVE•added 2022/11/01 10:15 p.m.•43 views

CVE-2022-3815

A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

6.5CVSS5.5AI score0.00055EPSS

CVE•added 2022/11/01 10:15 p.m.•43 views

CVE-2022-3816

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-21...

6.5CVSS5.5AI score0.00055EPSS

CVE•added 2022/09/30 5:15 a.m.•43 views

CVE-2022-41847

An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.

5.5CVSS5.4AI score0.00175EPSS

CVE•added 2024/04/02 8:16 a.m.•43 views

CVE-2024-31005

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment

8.1CVSS7.8AI score0.07305EPSS

CVE•added 2017/09/21 5:29 p.m.•42 views

CVE-2017-14646

The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.

7.5CVSS7.5AI score0.00956EPSS

CVE•added 2022/11/02 1:15 p.m.•42 views

CVE-2022-3810

A vulnerability was found in Axiomatic Bento4. It has been classified as problematic. This affects the function AP4_File::AP4_File of the file Mp42Hevc.cpp of the component mp42hevc. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been di...

6.5CVSS5.4AI score0.00056EPSS

CVE•added 2022/11/01 10:15 p.m.•42 views

CVE-2022-3813

A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated id...

6.5CVSS5.5AI score0.00055EPSS

CVE•added 2022/10/03 2:15 p.m.•42 views

CVE-2022-41428

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux.

8.8CVSS8.8AI score0.00123EPSS

CVE•added 2025/01/30 1:15 p.m.•42 views

CVE-2025-0870

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of a...

6.3CVSS5.6AI score0.00072EPSS

CVE•added 2019/10/10 5:15 p.m.•41 views

CVE-2019-17454

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.

6.5CVSS6.4AI score0.00285EPSS

CVE•added 2022/10/19 2:15 p.m.•41 views

CVE-2022-43033

An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input.

6.5CVSS6.3AI score0.00086EPSS

CVE•added 2022/06/27 6:15 p.m.•40 views

CVE-2021-40941

In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS).

7.5CVSS7.3AI score0.00317EPSS

CVE•added 2022/09/14 9:15 p.m.•40 views

CVE-2022-40438

Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file.

6.5CVSS6.3AI score0.00133EPSS

CVE•added 2022/10/03 2:15 p.m.•40 views

CVE-2022-41426

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split.

6.5CVSS6.4AI score0.00102EPSS

CVE•added 2022/10/19 2:15 p.m.•40 views

CVE-2022-43032

An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac.

6.5CVSS6.4AI score0.0011EPSS

CVE•added 2024/04/02 6:15 p.m.•40 views

CVE-2024-30809

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

7.5CVSS6.7AI score0.00079EPSS

CVE•added 2022/10/19 6:15 p.m.•39 views

CVE-2022-40885

Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service.

5.5CVSS5.4AI score0.00029EPSS

CVE•added 2025/01/27 9:15 p.m.•39 views

CVE-2025-0753

A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been di...

7.5CVSS7.2AI score0.00056EPSS

CVE•added 2019/07/04 2:15 p.m.•38 views

CVE-2019-13238

An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointe...

7.5CVSS6.5AI score0.0087EPSS

CVE•added 2022/10/19 2:15 p.m.•38 views

CVE-2022-43037

An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp.

6.5CVSS6.4AI score0.00086EPSS

CVE•added 2022/10/19 2:15 p.m.•38 views

CVE-2022-43038

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts.

6.5CVSS6.6AI score0.00106EPSS

CVE•added 2017/09/06 8:29 a.m.•37 views

CVE-2017-12475

The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

5.5CVSS5.3AI score0.00256EPSS

CVE•added 2018/07/20 1:29 p.m.•37 views

CVE-2018-14445

In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.

6.5CVSS6.2AI score0.00333EPSS

CVE•added 2018/07/24 4:29 p.m.•37 views

CVE-2018-14584

An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.

8.8CVSS8.7AI score0.00429EPSS

Total number of security vulnerabilities155