Buffer Overflow Vulnerability in Bento4 Media Processing Library
CVE-2024-57509

7.8 HIGH

Key Information:

CVE Published: 29 January 2025

What is CVE-2024-57509?

A buffer overflow has been identified in the Bento4 media processing library, specifically within the mp42avc component. The flaw is reachable through AP4_File::ParseStream and related functions and can be exploited by a local attacker, potentially enabling arbitrary code execution. Users of affected versions are encouraged to review the latest updates and apply security patches where available to mitigate risks.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
