CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13959
https://notcve.org/view.php?id=CVE-2019-13959
In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186. En Bento4 versión 1.5.1-627, AP4_DataBuffer::SetDataSize no maneja los fallos de reasignación, que conduce a una copia de memoria en un puntero NULL. Esto es diferente de CVE-2018-20186. • https://github.com/axiomatic-systems/Bento4/issues/394 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13238
https://notcve.org/view.php?id=CVE-2019-13238
An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer. Se ha descubierto un problema en Bento4 versión 1.5.1.0. • https://github.com/axiomatic-systems/Bento4/issues/396 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9544
https://notcve.org/view.php?id=CVE-2019-9544
An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example) the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Bento4 1.5.1-628. • https://github.com/axiomatic-systems/Bento4/issues/374 https://research.loginsoft.com/bugs/out-of-bounds-write-in-function-ap4_cttstableentryap4_cttstableentry-bento4-1-5-1-0 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-8378
https://notcve.org/view.php?id=CVE-2019-8378
An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Bento4 1.5.1-628. • https://github.com/axiomatic-systems/Bento4/issues/363 https://research.loginsoft.com/bugs/a-heap-buffer-overflow-vulnerability-in-the-function-ap4_bitstreamreadbytes-bento4-1-5-1-628 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-8382
https://notcve.org/view.php?id=CVE-2019-8382
An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se ha descubierto un problema en Bento4 1.5.1-628. • https://github.com/axiomatic-systems/Bento4/issues/364 https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628 • CWE-476: NULL Pointer Dereference •