Total
136 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14585 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class. | |||||
CVE-2018-14544 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts. | |||||
CVE-2018-14588 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||
CVE-2018-20408 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls. | |||||
CVE-2018-20186 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | |||||
CVE-2018-20407 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42hls. | |||||
CVE-2018-14445 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file. | |||||
CVE-2018-14532 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846. | |||||
CVE-2018-14531 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp. | |||||
CVE-2018-14545 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts. | |||||
CVE-2019-8378 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
CVE-2018-20659 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls. | |||||
CVE-2018-20095 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls. | |||||
CVE-2019-7697 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. | |||||
CVE-2019-6966 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. | |||||
CVE-2019-7698 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. | |||||
CVE-2018-20502 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp. | |||||
CVE-2019-7699 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service. | |||||
CVE-2018-14586 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532. | |||||
CVE-2018-14584 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read. |