Bento4 Security Vulnerabilities and Issues — Bento4 CVE List

Lucene search

AxiosysBento4

35 matches found

CVE•added 2023/04/12 1:15 p.m.•103 views

CVE-2023-29574

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.

5.5CVSS5.5AI score0.0003EPSS

CVE•added 2019/12/30 4:15 a.m.•90 views

CVE-2019-20091

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.

5.5CVSS5.5AI score0.00266EPSS

CVE•added 2019/12/30 4:15 a.m.•90 views

CVE-2019-20092

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.

5.5CVSS5.5AI score0.00266EPSS

CVE•added 2024/02/09 3:15 p.m.•73 views

CVE-2024-25452

Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.

5.5CVSS5.5AI score0.0002EPSS

CVE•added 2022/06/10 6:15 p.m.•62 views

CVE-2022-31287

An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp.

5.5CVSS5.5AI score0.00157EPSS

CVE•added 2024/02/09 3:15 p.m.•61 views

CVE-2024-25454

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.

5.5CVSS5.5AI score0.0002EPSS

CVE•added 2022/10/26 7:15 p.m.•60 views

CVE-2022-3668

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to th...

5.5CVSS5.4AI score0.00053EPSS

CVE•added 2022/10/26 7:15 p.m.•58 views

CVE-2022-3663

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disc...

5.5CVSS5.4AI score0.00053EPSS

CVE•added 2022/05/16 2:15 p.m.•55 views

CVE-2022-29017

Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S.

5.5CVSS5.5AI score0.00131EPSS

CVE•added 2022/10/26 7:15 p.m.•55 views

CVE-2022-3669

A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The ...

5.5CVSS5.4AI score0.00097EPSS

CVE•added 2022/06/10 6:15 p.m.•52 views

CVE-2022-31282

Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175.

5.5CVSS5.5AI score0.00157EPSS

CVE•added 2025/02/19 11:15 p.m.•52 views

CVE-2025-25946

An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially crafted MP4 input file.

5.5CVSS6.6AI score0.00018EPSS

CVE•added 2022/09/30 5:15 a.m.•50 views

CVE-2022-41845

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array::EnsureCapacity in Core/Ap4Array.h.

5.5CVSS5.5AI score0.00028EPSS

CVE•added 2025/02/19 11:15 p.m.•50 views

CVE-2025-25947

An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file.

5.5CVSS6.6AI score0.00018EPSS

CVE•added 2022/09/30 5:15 a.m.•49 views

CVE-2022-41841

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.

5.5CVSS5.4AI score0.00026EPSS

CVE•added 2022/06/10 6:15 p.m.•48 views

CVE-2022-31285

An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h.

5.5CVSS5.5AI score0.00157EPSS

CVE•added 2022/09/30 5:15 a.m.•47 views

CVE-2022-41846

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.

5.5CVSS5.5AI score0.00026EPSS

CVE•added 2022/06/28 1:15 p.m.•44 views

CVE-2021-40943

In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).

5.5CVSS5.4AI score0.00142EPSS

CVE•added 2022/08/18 5:15 a.m.•44 views

CVE-2022-35165

An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input.

5.5CVSS5.3AI score0.00028EPSS

CVE•added 2022/09/18 7:15 p.m.•44 views

CVE-2022-40775

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.

5.5CVSS5.4AI score0.00072EPSS

CVE•added 2022/09/30 5:15 a.m.•43 views

CVE-2022-41847

An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.

5.5CVSS5.4AI score0.00175EPSS

CVE•added 2022/10/19 6:15 p.m.•39 views

CVE-2022-40885

Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service.

5.5CVSS5.4AI score0.00029EPSS

CVE•added 2017/09/06 8:29 a.m.•37 views

CVE-2017-12475

The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

5.5CVSS5.3AI score0.00256EPSS

CVE•added 2022/09/18 7:15 p.m.•37 views

CVE-2022-40774

An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.

5.5CVSS5.4AI score0.00072EPSS

CVE•added 2024/02/09 3:15 p.m.•37 views

CVE-2024-25453

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.

5.5CVSS5.5AI score0.0002EPSS

CVE•added 2018/07/23 8:29 a.m.•36 views

CVE-2018-14543

There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump.

5.5CVSS5.2AI score0.0018EPSS

CVE•added 2023/04/13 8:15 p.m.•36 views

CVE-2023-29573

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.

5.5CVSS5.5AI score0.00054EPSS

CVE•added 2022/10/19 6:15 p.m.•34 views

CVE-2022-40884

Bento4 1.6.0 has memory leaks via the mp4fragment.

5.5CVSS5.5AI score0.00041EPSS

CVE•added 2018/07/23 8:29 a.m.•33 views

CVE-2018-14545

There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

5.5CVSS5.2AI score0.00178EPSS

CVE•added 2018/07/23 8:29 a.m.•32 views

CVE-2018-14544

There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

5.5CVSS5.2AI score0.00178EPSS

CVE•added 2023/04/21 2:15 p.m.•32 views

CVE-2023-29575

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component.

5.5CVSS5.5AI score0.00054EPSS

CVE•added 2023/08/22 7:16 p.m.•31 views

CVE-2023-38666

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.

5.5CVSS5.5AI score0.0005EPSS

CVE•added 2019/09/16 1:15 p.m.•30 views

CVE-2019-16349

Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class.

5.5CVSS5.4AI score0.00178EPSS

CVE•added 2021/04/21 6:15 p.m.•27 views

CVE-2020-23912

An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial of Service.

5.5CVSS5.3AI score0.00165EPSS

CVE•added 2023/04/11 9:15 p.m.•23 views

CVE-2023-29576

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.

5.5CVSS5.5AI score0.00048EPSS