Total
136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20409 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls. | |||||
| CVE-2019-7698 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. | |||||
| CVE-2018-14544 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts. | |||||
| CVE-2018-14587 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read. | |||||
| CVE-2018-14586 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532. | |||||
| CVE-2018-14532 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846. | |||||
| CVE-2018-14584 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read. | |||||
| CVE-2018-20095 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls. | |||||
| CVE-2019-6966 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. | |||||
| CVE-2018-13846 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read after a call from Mp42Ts.cpp, a related issue to CVE-2018-14532. | |||||
| CVE-2018-13847 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp. | |||||
| CVE-2018-13848 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp. | |||||
| CVE-2018-5253 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling. | |||||
| CVE-2017-14260 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | |||||
| CVE-2017-14646 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||
| CVE-2017-12475 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | |||||