Vulnerabilities > CVE-2020-21066 - Out-of-bounds Write vulnerability in Axiosys Bento4 1.5.1.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

axiosys

CWE-787

NVD

Published: 2021-08-13

Updated: 2021-08-23

Summary

An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.

Vulnerable Configurations

Part	Description	Count
Application	Axiosys Axiosys Bento4 1.5.1.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/axiomatic-systems/Bento4/issues/408