Skip to main content

Bento4 CVE-2018-14544

MEDIUM
Out-of-bounds Read (CWE-125)
2018-07-23 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 23, 2018 - 08:29 nvd
MEDIUM 5.5

DescriptionNVD

There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

AnalysisAI

There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts. Affected products include: Axiosys Bento4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Bento4

View all
CVE-2024-31004 CRITICAL POC
9.8 Apr 02

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_Stsd

CVE-2024-31002 CRITICAL POC
9.8 Apr 02

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4

CVE-2018-14531 CRITICAL POC
9.8 Jul 23

An issue was discovered in Bento4 1.5.1-624. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita

CVE-2017-14639 HIGH POC
8.8 Sep 21

AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, wh

CVE-2017-14644 HIGH POC
8.8 Sep 21

A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. Rated high severity (CVSS 8.8

CVE-2024-31003 HIGH POC
8.8 Apr 02

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4

CVE-2022-4584 HIGH POC
8.8 Dec 17

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. Rated high severity (CVSS 8.8), this vulnerability is rem

CVE-2022-3974 HIGH POC
8.8 Nov 13

A vulnerability classified as critical was found in Axiomatic Bento4. Rated high severity (CVSS 8.8), this vulnerability

CVE-2022-41430 HIGH POC
8.8 Oct 03

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. Rated hig

CVE-2022-41429 HIGH POC
8.8 Oct 03

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. Rated h

CVE-2022-41428 HIGH POC
8.8 Oct 03

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. Rated hi

CVE-2021-32265 HIGH POC
8.8 Sep 20

An issue was discovered in Bento4 through v1.6.0-637. Rated high severity (CVSS 8.8), this vulnerability is remotely exp

Share

CVE-2018-14544 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy