Bento4 Security Vulnerabilities and Issues — Bento4 CVE List

Lucene search

AxiosysBento4

13 matches found

CVE•added 2024/02/09 3:15 p.m.•73 views

CVE-2024-25452

Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.

5.5CVSS5.5AI score0.0002EPSS

CVE•added 2024/02/29 1:44 a.m.•72 views

CVE-2024-24155

Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.

6.5CVSS6.5AI score0.00278EPSS

CVE•added 2024/02/09 3:15 p.m.•72 views

CVE-2024-25451

Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.

6.5CVSS6.5AI score0.00054EPSS

CVE•added 2024/02/09 3:15 p.m.•61 views

CVE-2024-25454

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.

5.5CVSS5.5AI score0.0002EPSS

CVE•added 2024/04/02 6:15 p.m.•53 views

CVE-2024-30808

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

2.7CVSS6.7AI score0.00038EPSS

CVE•added 2024/04/02 6:15 p.m.•50 views

CVE-2024-30807

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

7.5CVSS6.7AI score0.00079EPSS

CVE•added 2024/04/02 8:16 a.m.•50 views

CVE-2024-31004

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment.

9.8CVSS7.8AI score0.05595EPSS

CVE•added 2024/04/02 6:15 p.m.•49 views

CVE-2024-30806

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.

6.5CVSS7.1AI score0.00146EPSS

CVE•added 2024/04/02 8:15 a.m.•44 views

CVE-2024-31002

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.

9.8CVSS7.9AI score0.06236EPSS

CVE•added 2024/04/02 8:16 a.m.•44 views

CVE-2024-31003

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp.

8.8CVSS7.9AI score0.06796EPSS

CVE•added 2024/04/02 8:16 a.m.•43 views

CVE-2024-31005

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment

8.1CVSS7.8AI score0.07305EPSS

CVE•added 2024/04/02 6:15 p.m.•40 views

CVE-2024-30809

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

7.5CVSS6.7AI score0.00079EPSS

CVE•added 2024/02/09 3:15 p.m.•37 views

CVE-2024-25453

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.

5.5CVSS5.5AI score0.0002EPSS