Heap Use-After-Free Vulnerability in Bento4 by Axiomatic Systems
CVE-2024-30807

Currently unrated

Key Information:

Vendor: Axiomatic Systems
Status: Bento4
Vendor: CVE Published:; 2 April 2024

🔔 Create Axiomatic Systems Vulnerability Alert

What is CVE-2024-30807?

A heap-use-after-free vulnerability found in Bento4 v1.6.0-641-2-g1529b83 can be exploited through the AP4_UnknownAtom destructor within Ap4Atom.cpp. This flaw can lead to a Denial of Service (DoS) scenario, enabling potential disruptions when manipulating multimedia files such as mp42ts. Users of this version of Bento4 are advised to apply security measures to mitigate risks associated with this vulnerability.

References

https://github.com/axiomatic-systems/Bento4/issues/937

https://github.com/zhangteng0526/CVE-information/blob/mai...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024