CVE-2019-8380
https://notcve.org/view.php?id=CVE-2019-8380
An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. • https://github.com/axiomatic-systems/Bento4/issues/366 https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_trackgetsampleindexfortimestampms-bento4-1-5-1-628 • CWE-476: NULL Pointer Dereference
CVE-2019-7697
https://notcve.org/view.php?id=CVE-2019-7697
An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. • https://github.com/axiomatic-systems/Bento4/issues/351 • CWE-617: Reachable Assertion
CVE-2019-7698
https://notcve.org/view.php?id=CVE-2019-7698
An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. • https://github.com/axiomatic-systems/Bento4/issues/354 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2019-7699
https://notcve.org/view.php?id=CVE-2019-7699
A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service. • https://github.com/axiomatic-systems/Bento4/issues/355 • CWE-125: Out-of-bounds Read
CVE-2019-6966
https://notcve.org/view.php?id=CVE-2019-6966
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. • https://github.com/axiomatic-systems/Bento4/issues/361 • CWE-770: Allocation of Resources Without Limits or Throttling