Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7699 | 1 Axiosys | 1 Bento4 | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service. | |||||
| CVE-2019-7698 | 1 Axiosys | 1 Bento4 | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. | |||||
| CVE-2019-6966 | 1 Axiosys | 1 Bento4 | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. | |||||
| CVE-2019-20090 | 1 Axiosys | 1 Bento4 | 2020-01-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp. | |||||
| CVE-2019-20091 | 1 Axiosys | 1 Bento4 | 2020-01-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp. | |||||
| CVE-2019-20092 | 1 Axiosys | 1 Bento4 | 2020-01-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp. | |||||
| CVE-2019-17529 | 1 Axiosys | 1 Bento4 | 2019-10-17 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp. | |||||
| CVE-2019-17530 | 1 Axiosys | 1 Bento4 | 2019-10-17 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp. | |||||
| CVE-2019-17452 | 1 Axiosys | 1 Bento4 | 2019-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump. | |||||
| CVE-2019-17454 | 1 Axiosys | 1 Bento4 | 2019-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info. | |||||
| CVE-2019-17453 | 1 Axiosys | 1 Bento4 | 2019-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact. | |||||
| CVE-2018-14587 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read. | |||||
| CVE-2018-5253 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling. | |||||
| CVE-2018-20659 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls. | |||||
| CVE-2018-20409 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls. | |||||
| CVE-2018-20408 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls. | |||||
| CVE-2018-20407 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42hls. | |||||
| CVE-2018-20095 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls. | |||||
| CVE-2018-14589 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read. | |||||
| CVE-2018-14588 | 1 Axiosys | 1 Bento4 | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||