Axiosys: >> Bento4 >> 1.5.1-624 Security Vulnerabilities
There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-07-23
In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-07-20
An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read after a call from Mp42Ts.cpp, a related issue to CVE-2018-14532.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-07-10
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-10
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-10
Page 4