
CVE-2025-0753 – Axiomatic Bento4 mp42aac ReadPartial heap-based overflow
https://notcve.org/view.php?id=CVE-2025-0753
27 Jan 2025 — A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/axiomatic-systems/Bento4/issues/991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2025-0751 – Axiomatic Bento4 mp42aac ReadBits heap-based overflow
https://notcve.org/view.php?id=CVE-2025-0751
27 Jan 2025 — A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/axiomatic-systems/Bento4/issues/991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2022-4584 – Axiomatic Bento4 mp42aac heap-based overflow
https://notcve.org/view.php?id=CVE-2022-4584
17 Dec 2022 — A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. • https://github.com/axiomatic-systems/Bento4/files/10095915/POC2.tar.gz • CWE-122: Heap-based Buffer Overflow

CVE-2022-3810 – Axiomatic Bento4 mp42hevc Mp42Hevc.cpp AP4_File denial of service
https://notcve.org/view.php?id=CVE-2022-3810
01 Nov 2022 — A vulnerability was found in Axiomatic Bento4. It has been classified as problematic. This affects the function AP4_File::AP4_File of the file Mp42Hevc.cpp of the component mp42hevc. The manipulation leads to denial of service. It is possible to initiate the attack remotely. • https://github.com/axiomatic-systems/Bento4/files/9653209/poc_Bento4.zip • CWE-404: Improper Resource Shutdown or Release

CVE-2022-3809 – Axiomatic Bento4 mp4tag Mp4Tag.cpp ParseCommandLine denial of service
https://notcve.org/view.php?id=CVE-2022-3809
01 Nov 2022 — A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/axiomatic-systems/Bento4/files/9653209/poc_Bento4.zip • CWE-404: Improper Resource Shutdown or Release

CVE-2022-41841
https://notcve.org/view.php?id=CVE-2022-41841
30 Sep 2022 — An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File. • https://github.com/axiomatic-systems/Bento4/issues/779 • CWE-476: NULL Pointer Dereference

CVE-2022-40774
https://notcve.org/view.php?id=CVE-2022-40774
18 Sep 2022 — An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize. • https://github.com/axiomatic-systems/Bento4/issues/757 • CWE-476: NULL Pointer Dereference

CVE-2022-40775
https://notcve.org/view.php?id=CVE-2022-40775
18 Sep 2022 — An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields. • https://github.com/axiomatic-systems/Bento4/issues/758 • CWE-476: NULL Pointer Dereference

CVE-2022-40738
https://notcve.org/view.php?id=CVE-2022-40738
15 Sep 2022 — An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write. • https://github.com/axiomatic-systems/Bento4/issues/756 • CWE-476: NULL Pointer Dereference

CVE-2022-40737
https://notcve.org/view.php?id=CVE-2022-40737
15 Sep 2022 — An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields. • https://github.com/axiomatic-systems/Bento4/issues/756 • CWE-125: Out-of-bounds Read