Bento4
by Bento4
Source repositories
CVEs (169)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8537 | Low | 0.24 | 3.7 | 0.01 | Aug 5, 2025 | A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to… | ||
| CVE-2020-19719 | 0.05 | — | 0.06 | Jul 13, 2021 | A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). | |||
| CVE-2024-31002 | 0.01 | — | 0.01 | Apr 2, 2024 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. | |||
| CVE-2024-31003 | 0.01 | — | 0.01 | Apr 2, 2024 | Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. | |||
| CVE-2024-31005 | 0.01 | — | 0.01 | Apr 2, 2024 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment | |||
| CVE-2025-25942 | 0.00 | — | 0.00 | Feb 19, 2025 | An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released. | |||
| CVE-2025-25943 | 0.00 | — | 0.00 | Feb 19, 2025 | Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp. | |||
| CVE-2025-25946 | 0.00 | — | 0.00 | Feb 19, 2025 | An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially crafted MP4 input file. | |||
| CVE-2025-25947 | 0.00 | — | 0.00 | Feb 19, 2025 | An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file. | |||
| CVE-2025-25945 | 0.00 | — | 0.00 | Feb 19, 2025 | An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp. | |||
| CVE-2025-25944 | 0.00 | — | 0.00 | Feb 19, 2025 | Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file. | |||
| CVE-2024-57598 | 0.00 | — | 0.00 | Feb 5, 2025 | A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability. | |||
| CVE-2025-0870 | 0.00 | — | 0.01 | Jan 30, 2025 | A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely.… | |||
| CVE-2025-0753 | 0.00 | — | 0.00 | Jan 27, 2025 | A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The… | |||
| CVE-2025-0751 | 0.00 | — | 0.00 | Jan 27, 2025 | A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit… | |||
| CVE-2024-30806 | 0.00 | — | 0.01 | Apr 2, 2024 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. | |||
| CVE-2024-30809 | 0.00 | — | 0.01 | Apr 2, 2024 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | |||
| CVE-2024-31004 | 0.00 | — | 0.01 | Apr 2, 2024 | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment. | |||
| CVE-2024-30807 | 0.00 | — | 0.01 | Apr 2, 2024 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | |||
| CVE-2024-30808 | 0.00 | — | 0.01 | Apr 2, 2024 | An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. |
- risk 0.24cvss 3.7epss 0.01
A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to…
- CVE-2020-19719Jul 13, 2021risk 0.05cvss —epss 0.06
A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS).
- CVE-2024-31002Apr 2, 2024risk 0.01cvss —epss 0.01
Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.
- CVE-2024-31003Apr 2, 2024risk 0.01cvss —epss 0.01
Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp.
- CVE-2024-31005Apr 2, 2024risk 0.01cvss —epss 0.01
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment
- CVE-2025-25942Feb 19, 2025risk 0.00cvss —epss 0.00
An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released.
- CVE-2025-25943Feb 19, 2025risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp.
- CVE-2025-25946Feb 19, 2025risk 0.00cvss —epss 0.00
An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially crafted MP4 input file.
- CVE-2025-25947Feb 19, 2025risk 0.00cvss —epss 0.00
An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file.
- CVE-2025-25945Feb 19, 2025risk 0.00cvss —epss 0.00
An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp.
- CVE-2025-25944Feb 19, 2025risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file.
- CVE-2024-57598Feb 5, 2025risk 0.00cvss —epss 0.00
A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability.
- CVE-2025-0870Jan 30, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely.…
- CVE-2025-0753Jan 27, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The…
- CVE-2025-0751Jan 27, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit…
- CVE-2024-30806Apr 2, 2024risk 0.00cvss —epss 0.01
An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.
- CVE-2024-30809Apr 2, 2024risk 0.00cvss —epss 0.01
An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.
- CVE-2024-31004Apr 2, 2024risk 0.00cvss —epss 0.01
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment.
- CVE-2024-30807Apr 2, 2024risk 0.00cvss —epss 0.01
An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.
- CVE-2024-30808Apr 2, 2024risk 0.00cvss —epss 0.01
An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.
Page 3 of 9