Vulnerabilities > Axiosys > Bento4 > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2020-19722 Classic Buffer Overflow vulnerability in Axiosys Bento4 1.5.1628
An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).
network
low complexity
axiosys CWE-120
6.5
6.5
2021-04-21 CVE-2020-23912 NULL Pointer Dereference vulnerability in Axiosys Bento4
An issue was discovered in Bento4 through v1.6.0-637.
local
low complexity
axiosys CWE-476
5.5
5.5
2019-12-30 CVE-2019-20092 NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1.0
An issue was discovered in Bento4 1.5.1.0.
local
low complexity
axiosys CWE-476
5.5
5.5
2019-12-30 CVE-2019-20091 NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1.0
An issue was discovered in Bento4 1.5.1.0.
local
low complexity
axiosys CWE-476
5.5
5.5
2019-10-10 CVE-2019-17454 NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1.0
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.
network
low complexity
axiosys CWE-476
6.5
6.5
2019-10-10 CVE-2019-17453 NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1.0
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.
network
low complexity
axiosys CWE-476
6.5
6.5
2019-10-10 CVE-2019-17452 NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1.0
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.
network
low complexity
axiosys CWE-476
6.5
6.5
2019-09-16 CVE-2019-16349 NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1628
Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class.
local
low complexity
axiosys CWE-476
5.5
5.5
2019-07-18 CVE-2019-13959 NULL Pointer Dereference vulnerability in Axiosys Bento4 1.5.1627
In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer.
network
low complexity
axiosys CWE-476
6.5
6.5
2019-02-10 CVE-2019-7699 Out-of-bounds Read vulnerability in Axiosys Bento4 1.5.1627
A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627.
network
low complexity
axiosys CWE-125
6.5
6.5