Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Axiosys Subscribe
Filtered by product Bento4
Total 127 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7699 1 Axiosys 1 Bento4 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service.
CVE-2019-7698 1 Axiosys 1 Bento4 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095.
CVE-2019-6966 1 Axiosys 1 Bento4 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.
CVE-2019-20090 1 Axiosys 1 Bento4 2020-01-07 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.
CVE-2019-20091 1 Axiosys 1 Bento4 2020-01-07 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.
CVE-2019-20092 1 Axiosys 1 Bento4 2020-01-07 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.
CVE-2019-17529 1 Axiosys 1 Bento4 2019-10-17 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.
CVE-2019-17530 1 Axiosys 1 Bento4 2019-10-17 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.
CVE-2019-17452 1 Axiosys 1 Bento4 2019-10-11 4.3 MEDIUM 6.5 MEDIUM
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.
CVE-2019-17454 1 Axiosys 1 Bento4 2019-10-11 4.3 MEDIUM 6.5 MEDIUM
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.
CVE-2019-17453 1 Axiosys 1 Bento4 2019-10-11 4.3 MEDIUM 6.5 MEDIUM
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.
CVE-2018-14587 1 Axiosys 1 Bento4 2019-10-02 6.8 MEDIUM 8.8 HIGH
An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read.
CVE-2018-5253 1 Axiosys 1 Bento4 2019-10-02 6.8 MEDIUM 7.8 HIGH
The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.
CVE-2018-20659 1 Axiosys 1 Bento4 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls.
CVE-2018-20409 1 Axiosys 1 Bento4 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.
CVE-2018-20408 1 Axiosys 1 Bento4 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls.
CVE-2018-20407 1 Axiosys 1 Bento4 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42hls.
CVE-2018-20095 1 Axiosys 1 Bento4 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls.
CVE-2018-14589 1 Axiosys 1 Bento4 2019-10-02 6.8 MEDIUM 8.8 HIGH
An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read.
CVE-2018-14588 1 Axiosys 1 Bento4 2019-10-02 5.0 MEDIUM 7.5 HIGH
An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.