Heap Use-After-Free Vulnerability in Bento4 Media Processing Software
CVE-2024-30808

Currently unrated

Key Information:

Vendor: Axiomatic Systems
Status: Bento4
Vendor: CVE Published:; 2 April 2024

🔔 Create Axiomatic Systems Vulnerability Alert

What is CVE-2024-30808?

A vulnerability has been identified in Bento4 that involves a heap-use-after-free condition occurring within the AP4_SubStream::~AP4_SubStream destructor, specifically located in Ap4ByteStream.cpp. This flaw can potentially be exploited to cause a Denial of Service (DoS), as demonstrated in the context of mp42ts media processing. Proper mitigation and updates are advised to ensure security and stability in media handling operations.

References

https://github.com/axiomatic-systems/Bento4/issues/937

https://github.com/zhangteng0526/CVE-information/blob/mai...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024