SB2018010528 - Multiple vulnerabilities in axiomatic-systems Bento4
Published: January 5, 2018 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2019-20090)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.
2) NULL pointer dereference (CVE-ID: CVE-2019-20091)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp. A remote attacker can perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2019-20092)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp. A remote attacker can perform a denial of service (DoS) attack.
4) Out-of-bounds read (CVE-ID: CVE-2019-17529)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp. A remote attacker can perform a denial of service attack.
5) Out-of-bounds read (CVE-ID: CVE-2019-17530)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp. A remote attacker can perform a denial of service attack.
6) NULL pointer dereference (CVE-ID: CVE-2019-17452)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump. A remote attacker can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2019-17453)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact. A remote attacker can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2019-17454)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info. A remote attacker can perform a denial of service (DoS) attack.
9) Out-of-bounds read (CVE-ID: CVE-2019-15047)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp. A remote attacker can perform a denial of service attack.
10) Buffer overflow (CVE-ID: CVE-2019-15048)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.
11) Out-of-bounds read (CVE-ID: CVE-2019-15049)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp. A remote attacker can perform a denial of service attack.
12) Out-of-bounds read (CVE-ID: CVE-2019-15050)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp. A remote attacker can perform a denial of service attack.
13) Resource exhaustion (CVE-ID: CVE-2019-13238)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer.
14) Infinite loop (CVE-ID: CVE-2018-5253)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://github.com/axiomatic-systems/Bento4/issues/461
- https://github.com/axiomatic-systems/Bento4/issues/462
- https://github.com/axiomatic-systems/Bento4/issues/430
- https://github.com/TeamSeri0us/pocs/tree/master/bento4
- https://github.com/axiomatic-systems/Bento4/issues/431
- https://github.com/axiomatic-systems/Bento4/issues/434
- https://github.com/axiomatic-systems/Bento4/issues/436
- https://github.com/axiomatic-systems/Bento4/issues/437
- https://github.com/axiomatic-systems/Bento4/issues/435
- https://github.com/axiomatic-systems/bento4/issues/408
- https://github.com/axiomatic-systems/bento4/issues/409
- https://github.com/axiomatic-systems/Bento4/issues/396
- https://github.com/axiomatic-systems/Bento4/issues/233