Buffer Overflow Vulnerability in Bento4 by Axiomatic Systems
CVE-2024-57510

7.8 HIGH

Key Information:

CVE Published: 29 January 2025

What is CVE-2024-57510?

A serious buffer overflow vulnerability exists in the Bento4 mp42avc module, which a local attacker can exploit through the AP4_MemoryByteStream::WritePartial function. Exploitation could result in the execution of arbitrary code, compromising system integrity and leaving systems vulnerable to further attacks. Users of affected versions should assess their risk and apply any available patches or mitigations promptly.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
