Vulnerabilities > CVE-2017-12475 - NULL Pointer Dereference vulnerability in Axiosys Bento4

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

axiosys

CWE-476

NVD

Published: 2017-09-06

Updated: 2018-09-19

Summary

The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

Vulnerable Configurations

Part	Description	Count
Application	Axiosys Axiosys Bento4 - Axiosys Bento4 1.2 Axiosys Bento4 1.4.2-584 Axiosys Bento4 1.4.2-586 Axiosys Bento4 1.4.2-587 Axiosys Bento4 1.4.2-588 Axiosys Bento4 1.4.2-589 Axiosys Bento4 1.4.2-590 Axiosys Bento4 1.4.2-591 Axiosys Bento4 1.4.2-592 Axiosys Bento4 1.4.2-593 Axiosys Bento4 1.4.2-594 Axiosys Bento4 1.4.3-595 Axiosys Bento4 1.4.3-596 Axiosys Bento4 1.4.3-597 Axiosys Bento4 1.4.3-598 Axiosys Bento4 1.4.3-599 Axiosys Bento4 1.4.3-600 Axiosys Bento4 1.4.3-601 Axiosys Bento4 1.4.3-602 Axiosys Bento4 1.4.3-603 Axiosys Bento4 1.4.3-604 Axiosys Bento4 1.4.3-605 Axiosys Bento4 1.4.3-606 Axiosys Bento4 1.4.3-607 Axiosys Bento4 1.4.3-608 Axiosys Bento4 1.5.0-609 Axiosys Bento4 1.5.0-610 Axiosys Bento4 1.5.0-611 Axiosys Bento4 1.5.0-612 Axiosys Bento4 1.5.0-613 Axiosys Bento4 1.5.0-614 Axiosys Bento4 1.5.0-615	33

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References