CVE-2020-21066
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.
Se ha detectado un problema en Bento4 versión v1.5.1.0. Se presenta un desbordamiento del búfer de la pila en la función AP4_Dec3Atom::AP4_Dec3Atom en el archivo Ap4Dec3Atom.cpp, conllevando a una denegación de servicio (bloqueo del programa), como ha demostrado mp42aac.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-08-13 CVE Reserved
- 2021-08-13 CVE Published
- 2024-04-28 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/axiomatic-systems/Bento4/issues/408 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|