Vulnerabilities > CVE-2019-8380 - NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

axiosys

CWE-476

NVD

Published: 2019-02-17

Updated: 2019-02-19

Summary

An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Vulnerable Configurations

Part	Description	Count
Application	Axiosys Axiosys Bento4 1.5.1-628	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_trackgetsampleindexfortimestampms-bento4-1-5-1-628/
https://github.com/axiomatic-systems/Bento4/issues/366