Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Bento4
(Axiosys)| Repositories | https://github.com/axiomatic-systems/Bento4 |
| #Vulnerabilities | 136 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-17 | CVE-2018-20186 | An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | Bento4 | 6.5 | ||
| 2018-12-12 | CVE-2018-20095 | An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls. | Bento4 | 6.5 | ||
| 2018-07-24 | CVE-2018-14590 | An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. | Bento4 | 7.5 | ||
| 2018-07-24 | CVE-2018-14589 | An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read. | Bento4 | 8.8 | ||
| 2018-07-24 | CVE-2018-14588 | An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | Bento4 | 7.5 | ||
| 2018-07-24 | CVE-2018-14587 | An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read. | Bento4 | 8.8 | ||
| 2018-07-24 | CVE-2018-14586 | An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532. | Bento4 | 8.8 | ||
| 2018-07-24 | CVE-2018-14585 | An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class. | Bento4 | 8.8 | ||
| 2018-07-24 | CVE-2018-14584 | An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read. | Bento4 | 8.8 | ||
| 2018-07-23 | CVE-2018-14545 | There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts. | Bento4 | 5.5 |