CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13238
https://notcve.org/view.php?id=CVE-2019-13238
04 Jul 2019 — An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer. Se ha descubierto un problema en Bento4 versión 1.5.1.0. • https://github.com/axiomatic-systems/Bento4/issues/396 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9544
https://notcve.org/view.php?id=CVE-2019-9544
01 Mar 2019 — An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example) the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Bento4 1.5.1-628. • https://github.com/axiomatic-systems/Bento4/issues/374 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-8378
https://notcve.org/view.php?id=CVE-2019-8378
17 Feb 2019 — An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Bento4 1.5.1-628. • https://github.com/axiomatic-systems/Bento4/issues/363 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-8380
https://notcve.org/view.php?id=CVE-2019-8380
17 Feb 2019 — An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Bento4 1.5.1-628. • https://github.com/axiomatic-systems/Bento4/issues/366 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-8382
https://notcve.org/view.php?id=CVE-2019-8382
17 Feb 2019 — An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Bento4 1.5.1-628. • https://github.com/axiomatic-systems/Bento4/issues/364 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7697
https://notcve.org/view.php?id=CVE-2019-7697
10 Feb 2019 — An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls. Se ha descubierto un problema en Bento4 v1.5.1-627. Hay un fallo de aserción en AP4_AtomListWriter::Action en Core/Ap4Atom.cpp, que conduce a una denegación de servicio (cierre inesperado del programa), tal y como queda demostrado con mp42hls. • https://github.com/axiomatic-systems/Bento4/issues/351 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7698
https://notcve.org/view.php?id=CVE-2019-7698
10 Feb 2019 — An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. Se ha descubierto un problema en AP4_Array::EnsureCapacity en Bento4 1.5.1-627. Las entradas MP4 manipuladas desencadenan un intento de asignación de memoria excesiva, tal y como queda demostrado con mp42hls. Este problema está relacionado con CVE-2018-20095. • https://github.com/axiomatic-systems/Bento4/issues/354 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7699
https://notcve.org/view.php?id=CVE-2019-7699
10 Feb 2019 — A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted mp4 input, which leads to a denial of service. Existe una sobrelectura de búfer basada en memoria dinámica (heap) en AP4_BitStream::WriteBytes en Codecs/Ap4BitStream.cpp en Bento4 v1.5.1-627. Los atacantes remotos podrían aprovechar esta vulnerabilidad para provocar una excepción mediante entradas mp4 manipulad... • https://github.com/axiomatic-systems/Bento4/issues/355 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6966
https://notcve.org/view.php?id=CVE-2019-6966
25 Jan 2019 — An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls. Se ha descubierto un problema en Bento4 1.5.1-628. La clase AP4_ElstAtom en Core/Ap4ElstAtom.cpp tiene un intento de asignación de memoria excesiva cuando está relacionada con AP4_Array::EnsureCapacity en Core/Ap4Array.h, tal y como queda demostrado con mp42hls. • https://github.com/axiomatic-systems/Bento4/issues/361 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6132
https://notcve.org/view.php?id=CVE-2019-6132
11 Jan 2019 — An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac. Se ha descubierto un problema en Bento4 v1.5.1-627. Hay una fuga de memoria en AP4_DescriptorFactory::CreateDescriptorFromStream en Core/Ap4DescriptorFactory.cpp cuando se llama desde la clase AP4_EsdsAtom en Core/Ap4EsdsAtom.cpp, tal y como queda demostrado con m... • https://github.com/axiomatic-systems/Bento4/issues/357 • CWE-401: Missing Release of Memory after Effective Lifetime •