Buffer Overflow Vulnerability in Bento4 Media Processing Library
CVE-2025-25944

7.3 HIGH

Key Information:

Status
Vendor
CVE Published: 19 February 2025

What is CVE-2025-25944?

A buffer overflow vulnerability in the Bento4 media processing library allows a local attacker to execute arbitrary code. The flaw is triggered when the library processes a specially crafted MP4 file, specifically during execution of the mp4fragment command. Successful exploitation leads to unauthorized code execution on the vulnerable system, which underlines the importance of timely updates and security best practices.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
