Heap Use-After-Free Vulnerability in Bento4 by Axiomatic Systems
CVE-2024-30809

Currently unrated

Key Information:

Vendor: Axiomatic Systems
Status: Bento4
Vendor: CVE Published:; 2 April 2024

🔔 Create Axiomatic Systems Vulnerability Alert

What is CVE-2024-30809?

A heap-use-after-free vulnerability has been identified in the Bento4 media framework, specifically in the AP4_Sample::GetOffset() method within the Ap4Sample.h file. This issue could be exploited to execute a Denial of Service (DoS) attack, as demonstrated by the usage of the mp42ts tool. This vulnerability allows an attacker to craft specific inputs that trigger improper memory management, potentially leading to application crashes and service interruptions.

References

https://github.com/axiomatic-systems/Bento4/issues/937

https://github.com/zhangteng0526/CVE-information/blob/mai...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024