Vulnerabilities > CVE-2019-20090 - Use After Free vulnerability in Axiosys Bento4 1.5.1.0

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

axiosys

CWE-416

NVD

Published: 2019-12-30

Updated: 2020-01-07

Summary

An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.

Vulnerable Configurations

Part	Description	Count
Application	Axiosys Axiosys Bento4 1.5.1.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/axiomatic-systems/Bento4/issues/461