Vulnerabilities (CVE)

Filtered by vendor Axiosys Subscribe
Filtered by product Bento4
Total 136 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-19719 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS).
CVE-2020-19718 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).
CVE-2020-19717 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).
CVE-2019-9544 1 Axiosys 1 Bento4 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example) the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2019-8382 1 Axiosys 1 Bento4 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2019-8380 1 Axiosys 1 Bento4 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2019-8378 1 Axiosys 1 Bento4 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2019-7699 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service.
CVE-2019-7698 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095.
CVE-2019-7697 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls.
CVE-2019-6966 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.
CVE-2019-6132 1 Axiosys 1 Bento4 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac.
CVE-2019-20092 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.
CVE-2019-20091 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.
CVE-2019-20090 1 Axiosys 1 Bento4 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.
CVE-2019-17530 1 Axiosys 1 Bento4 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.
CVE-2019-17529 1 Axiosys 1 Bento4 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.
CVE-2019-17528 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.
CVE-2019-17454 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.
CVE-2019-17453 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.