CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25947
https://notcve.org/view.php?id=CVE-2025-25947
19 Feb 2025 — An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file. • https://github.com/axiomatic-systems/Bento4/issues/994 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25943
https://notcve.org/view.php?id=CVE-2025-25943
19 Feb 2025 — Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp. • https://github.com/axiomatic-systems/Bento4/issues/993 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25946
https://notcve.org/view.php?id=CVE-2025-25946
19 Feb 2025 — An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially crafted MP4 input file. • https://github.com/axiomatic-systems/Bento4/issues/994 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25944
https://notcve.org/view.php?id=CVE-2025-25944
19 Feb 2025 — Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file. • https://github.com/axiomatic-systems/Bento4/issues/993 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25942
https://notcve.org/view.php?id=CVE-2025-25942
19 Feb 2025 — An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released. • https://github.com/axiomatic-systems/Bento4/issues/993 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25945
https://notcve.org/view.php?id=CVE-2025-25945
19 Feb 2025 — An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp. • https://github.com/axiomatic-systems/Bento4/issues/993 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 6%CPEs: 2EXPL: 0CVE-2024-31003
https://notcve.org/view.php?id=CVE-2024-31003
02 Apr 2024 — Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. Vulnerabilidad de desbordamiento de búfer en Bento4 Bento v.1.6.0-641 permite a un atacante remoto ejecutar código arbitrario a través de AP4_MemoryByteStream::WritePartial en Ap4ByteStream.cpp. • https://github.com/axiomatic-systems/Bento4/issues/939 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2024-31002
https://notcve.org/view.php?id=CVE-2024-31002
02 Apr 2024 — Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. Vulnerabilidad de desbordamiento de búfer en Bento4 Bento v.1.6.0-641 permite a un atacante remoto ejecutar código arbitrario a través del componente AP4 BitReader::ReadCache() en Ap4Utils.cpp. • https://github.com/axiomatic-systems/Bento4/issues/939 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2024-31004
https://notcve.org/view.php?id=CVE-2024-31004
02 Apr 2024 — An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment. Un problema en Bento4 Bento v.1.6.0-641 permite a un atacante remoto ejecutar código arbitrario a través del fragmento Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4. • https://github.com/axiomatic-systems/Bento4/issues/941 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 7%CPEs: 1EXPL: 0CVE-2024-31005
https://notcve.org/view.php?id=CVE-2024-31005
02 Apr 2024 — An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment Un problema en Bento4 Bento v.1.6.0-641 permite a un atacante remoto ejecutar código arbitrario a través de Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment • https://github.com/axiomatic-systems/Bento4/issues/941 • CWE-94: Improper Control of Generation of Code ('Code Injection') •