Vulnerabilities > CVE-2021-35306 - NULL Pointer Dereference vulnerability in Axiosys Bento4

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

axiosys

CWE-476

NVD

Published: 2021-08-05

Updated: 2021-08-12

Summary

An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4_StszAtom::WriteFields located in Ap4StszAtom.cpp. It allows an attacker to cause a denial of service (DOS).

Vulnerable Configurations

Part	Description	Count
Application	Axiosys Axiosys Bento4 1.4.2-584 Axiosys Bento4 1.4.2-586 Axiosys Bento4 1.4.2-587 Axiosys Bento4 1.4.2-588 Axiosys Bento4 1.4.2-589 Axiosys Bento4 1.4.2-590 Axiosys Bento4 1.4.2-591 Axiosys Bento4 1.4.2-592 Axiosys Bento4 1.4.2-593 Axiosys Bento4 1.4.2-594 Axiosys Bento4 1.4.3-595 Axiosys Bento4 1.4.3-596 Axiosys Bento4 1.4.3-597 Axiosys Bento4 1.4.3-598 Axiosys Bento4 1.4.3-599 Axiosys Bento4 1.4.3-600 Axiosys Bento4 1.4.3-601 Axiosys Bento4 1.4.3-602 Axiosys Bento4 1.4.3-603 Axiosys Bento4 1.4.3-604 Axiosys Bento4 1.4.3-605 Axiosys Bento4 1.4.3-606 Axiosys Bento4 1.4.3-607 Axiosys Bento4 1.4.3-608 Axiosys Bento4 1.5.0-609 Axiosys Bento4 1.5.0-610 Axiosys Bento4 1.5.0-611 Axiosys Bento4 1.5.0-612 Axiosys Bento4 1.5.0-613 Axiosys Bento4 1.5.0-614 Axiosys Bento4 1.5.0-615 Axiosys Bento4 1.5.0-616 Axiosys Bento4 1.5.0-617 Axiosys Bento4 1.5.0-618 Axiosys Bento4 1.5.0-619 Axiosys Bento4 1.5.1-620 Axiosys Bento4 1.5.1-621 Axiosys Bento4 1.5.1-622 Axiosys Bento4 1.5.1-623 Axiosys Bento4 1.5.1-624 Axiosys Bento4 1.5.1-627 Axiosys Bento4 1.5.1-628 Axiosys Bento4 1.5.1-629 Axiosys Bento4 1.5.1.0 Axiosys Bento4 1.6.0-630 Axiosys Bento4 1.6.0-633 Axiosys Bento4 1.6.0-634 Axiosys Bento4 1.6.0-635 Axiosys Bento4 1.6.0-636	49

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/axiomatic-systems/Bento4/issues/615