Vulnerabilities > CVE-2019-13238 - NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

axiosys

CWE-476

NVD

Published: 2019-07-04

Updated: 2020-08-24

Summary

An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer.

Vulnerable Configurations

Part	Description	Count
Application	Axiosys Axiosys Bento4 1.5.1.0	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/axiomatic-systems/Bento4/issues/396