Vulnerabilities > Bento4

DATE CVE VULNERABILITY TITLE RISK
2017-09-21 CVE-2017-14647 Out-of-bounds Write vulnerability in Bento4 1.5.0617
A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617.
network
low complexity
bento4 CWE-787
8.8
2017-09-21 CVE-2017-14645 Out-of-bounds Read vulnerability in Bento4 1.5.0617
A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617.
network
low complexity
bento4 CWE-125
6.5
2017-09-21 CVE-2017-14644 Out-of-bounds Write vulnerability in Bento4 1.5.0617
A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617.
network
low complexity
bento4 CWE-787
8.8
2017-09-21 CVE-2017-14643 Out-of-bounds Read vulnerability in Bento4 1.5.0617
The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.
network
low complexity
bento4 CWE-125
6.5
2017-09-21 CVE-2017-14642 NULL Pointer Dereference vulnerability in Bento4 1.5.0617
A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617.
network
low complexity
bento4 CWE-476
6.5
2017-09-21 CVE-2017-14641 NULL Pointer Dereference vulnerability in Bento4 1.5.0617
A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617.
network
low complexity
bento4 CWE-476
6.5
2017-09-21 CVE-2017-14640 NULL Pointer Dereference vulnerability in Bento4 1.5.0617
A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617.
network
low complexity
bento4 CWE-476
6.5
2017-09-21 CVE-2017-14639 Type Confusion vulnerability in Bento4 1.5.0617
AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.
network
low complexity
bento4 CWE-843
8.8
2017-09-21 CVE-2017-14638 NULL Pointer Dereference vulnerability in Bento4 1.5.0617
AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.
network
low complexity
bento4 CWE-476
6.5
2017-09-11 CVE-2017-14261 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bento4 1.5.0616
In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability.
local
low complexity
bento4 CWE-119
7.8