VYPR

Bento4

by Bento4

Source repositories

CVEs (169)

  • CVE-2018-14588HigJul 24, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.

  • CVE-2018-13848HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.

  • CVE-2018-13847HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.

  • CVE-2017-14646HigSep 21, 2017
    risk 0.49cvss 7.5epss 0.02

    The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.

  • CVE-2024-57513MedJan 29, 2025
    risk 0.42cvss 6.5epss 0.00

    A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4.

  • CVE-2018-14445MedJul 20, 2018
    risk 0.42cvss 6.5epss 0.01

    In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file.

  • CVE-2017-14645MedSep 21, 2017
    risk 0.42cvss 6.5epss 0.01

    A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service.

  • CVE-2017-14643MedSep 21, 2017
    risk 0.42cvss 6.5epss 0.02

    The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.

  • CVE-2017-14642MedSep 21, 2017
    risk 0.42cvss 6.5epss 0.02

    A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of…

  • CVE-2017-14641MedSep 21, 2017
    risk 0.42cvss 6.5epss 0.02

    A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

  • CVE-2017-14640MedSep 21, 2017
    risk 0.42cvss 6.5epss 0.02

    A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

  • CVE-2017-14638MedSep 21, 2017
    risk 0.42cvss 6.5epss 0.02

    AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.

  • CVE-2018-14545MedJul 23, 2018
    risk 0.36cvss 5.5epss 0.01

    There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

  • CVE-2018-14544MedJul 23, 2018
    risk 0.36cvss 5.5epss 0.01

    There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

  • CVE-2018-14543MedJul 23, 2018
    risk 0.36cvss 5.5epss 0.01

    There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump.

  • CVE-2017-12476MedSep 6, 2017
    risk 0.36cvss 5.5epss 0.01

    The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

  • CVE-2017-12475MedSep 6, 2017
    risk 0.36cvss 5.5epss 0.01

    The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

  • CVE-2017-12474MedSep 6, 2017
    risk 0.36cvss 5.5epss 0.01

    The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

  • CVE-2026-5236MedMar 31, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument n_presentations leads to heap-based buffer overflow. The attack…

  • CVE-2026-5235MedMar 31, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The…

Page 2 of 9