Vulnerabilities > CVE-2018-5253 - Infinite Loop vulnerability in Axiosys Bento4 1.5.1.0

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
axiosys
CWE-835
NVD
Published: 2018-01-05
Updated: 2019-10-03

Summary

The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.

Vulnerable Configurations

Part Description Count
Application
Axiosys
1

Common Weakness Enumeration (CWE)

References