Vulnerabilities > CVE-2020-23330 - NULL Pointer Dereference vulnerability in Axiosys Bento4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

axiosys

CWE-476

NVD

Published: 2021-08-17

Updated: 2021-08-25

Summary

An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).

Vulnerable Configurations

Part	Description	Count
Application	Axiosys Axiosys Bento4 - Axiosys Bento4 1.2 Axiosys Bento4 1.4.2-584 Axiosys Bento4 1.4.2-586 Axiosys Bento4 1.4.2-587 Axiosys Bento4 1.4.2-588 Axiosys Bento4 1.4.2-589 Axiosys Bento4 1.4.2-590 Axiosys Bento4 1.4.2-591 Axiosys Bento4 1.4.2-592 Axiosys Bento4 1.4.2-593 Axiosys Bento4 1.4.2-594 Axiosys Bento4 1.4.3-595 Axiosys Bento4 1.4.3-596 Axiosys Bento4 1.4.3-597 Axiosys Bento4 1.4.3-598 Axiosys Bento4 1.4.3-599 Axiosys Bento4 1.4.3-600 Axiosys Bento4 1.4.3-601 Axiosys Bento4 1.4.3-602 Axiosys Bento4 1.4.3-603 Axiosys Bento4 1.4.3-604 Axiosys Bento4 1.4.3-605 Axiosys Bento4 1.4.3-606 Axiosys Bento4 1.4.3-607 Axiosys Bento4 1.4.3-608 Axiosys Bento4 1.5.0-609 Axiosys Bento4 1.5.0-610 Axiosys Bento4 1.5.0-611 Axiosys Bento4 1.5.0-612 Axiosys Bento4 1.5.0-613 Axiosys Bento4 1.5.0-614 Axiosys Bento4 1.5.0-615 Axiosys Bento4 1.5.0-616 Axiosys Bento4 1.5.0-617 Axiosys Bento4 1.5.0-618 Axiosys Bento4 1.5.0-619 Axiosys Bento4 1.5.1-620 Axiosys Bento4 1.5.1-621 Axiosys Bento4 1.5.1-622 Axiosys Bento4 1.5.1-623 Axiosys Bento4 1.5.1-624 Axiosys Bento4 1.5.1-627 Axiosys Bento4 1.5.1-628 Axiosys Bento4 1.5.1-629 Axiosys Bento4 1.5.1.0 Axiosys Bento4 1.6.0 Axiosys Bento4 1.6.0-630 Axiosys Bento4 1.6.0-633 Axiosys Bento4 1.6.0-634	50

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/axiomatic-systems/Bento4/issues/511