SB2019012601 - Multiple vulnerabilities in axiomatic-systems Bento4
Published: January 26, 2019 Updated: August 8, 2020
Description
This security bulletin contains information about 6 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2019-16349)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. A remote attacker can perform a denial of service (DoS) attack.
2) Out-of-bounds write (CVE-ID: CVE-2019-9544)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example) the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
3) Out-of-bounds read (CVE-ID: CVE-2019-8378)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in AP4_BitStream::ReadBytes() in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. A remote attacker can pass specially crafted data to the application, trigger an out-of-bounds read error and read contents of memory on the system.
4) NULL pointer dereference (CVE-ID: CVE-2019-8380)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can be triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. A remote attacker can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2019-8382)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. A remote attacker can perform a denial of service (DoS) attack.
6) Resource exhaustion (CVE-ID: CVE-2019-6966)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in Core/Ap4ElstAtom.cpp has an attempted excessive memory allocation related to AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h, as demonstrated by mp42hls.
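The defensive check that the excessive-allocation issue above calls for, as an added example (not Bento4 code and not a vendor fix): a parser for an elst payload that compares the declared entry count with the bytes actually present before reserving memory. It assumes the allocation size is driven by a count field read from the file and uses the ISO/IEC 14496-12 edit list layout; ElstEntry, ReadBE, ParseElstPayload and the sample byte arrays are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

struct ElstEntry { uint64_t segment_duration; int64_t media_time; int16_t media_rate; };

// Read an n-byte big-endian unsigned integer (n <= 8).
static uint64_t ReadBE(const uint8_t* p, size_t n) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; ++i) v = (v << 8) | p[i];
    return v;
}

// Parse an 'elst' payload (the bytes after the 8-byte box header).
// Layout: version(1) flags(3) entry_count(4), then entry_count records of
// 12 bytes (version 0) or 20 bytes (version 1). Returns false, without
// allocating, when the declared count cannot be satisfied by the payload.
bool ParseElstPayload(const uint8_t* data, size_t size, std::vector<ElstEntry>& out) {
    out.clear();
    if (data == nullptr || size < 8 || data[0] > 1) return false;
    const bool v1 = (data[0] == 1);
    const size_t entry_size = v1 ? 20 : 12;
    const uint64_t entry_count = ReadBE(data + 4, 4);
    // The count must fit in the bytes present; dividing instead of
    // multiplying keeps the comparison free of integer overflow.
    if (entry_count > (size - 8) / entry_size) return false;
    out.reserve(static_cast<size_t>(entry_count));
    const size_t w = v1 ? 8 : 4;  // width of the duration and media_time fields
    const uint8_t* p = data + 8;
    for (uint64_t i = 0; i < entry_count; ++i, p += entry_size) {
        ElstEntry e;
        e.segment_duration = ReadBE(p, w);
        const uint64_t t = ReadBE(p + w, w);
        e.media_time = v1 ? static_cast<int64_t>(t) : static_cast<int32_t>(static_cast<uint32_t>(t));
        e.media_rate = static_cast<int16_t>(ReadBE(p + 2 * w, 2));
        out.push_back(e);
    }
    return true;
}

// Constructed samples: kHostile claims 0xFFFFFFFF entries but carries none;
// kValid holds one version-0 entry (duration 1000, media_time -1, rate 1).
static const uint8_t kHostile[] = {0,0,0,0, 0xFF,0xFF,0xFF,0xFF};
static const uint8_t kValid[] = {0,0,0,0, 0,0,0,1, 0,0,0x03,0xE8, 0xFF,0xFF,0xFF,0xFF, 0,1, 0,0};

int main() {
    std::vector<ElstEntry> e;
    return (!ParseElstPayload(kHostile, sizeof kHostile, e) &&
            ParseElstPayload(kValid, sizeof kValid, e) && e.size() == 1) ? 0 : 1;
}
```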
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://github.com/axiomatic-systems/Bento4/issues/422
- https://github.com/axiomatic-systems/Bento4/issues/374
- https://research.loginsoft.com/bugs/out-of-bounds-write-in-function-ap4_cttstableentryap4_cttstableentry-bento4-1-5-1-0/
- https://github.com/axiomatic-systems/Bento4/issues/363
- https://research.loginsoft.com/bugs/a-heap-buffer-overflow-vulnerability-in-the-function-ap4_bitstreamreadbytes-bento4-1-5-1-628/
- https://github.com/axiomatic-systems/Bento4/issues/366
- https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_trackgetsampleindexfortimestampms-bento4-1-5-1-628/
- https://github.com/axiomatic-systems/Bento4/issues/364
- https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-ap4_listfind-bento4-1-5-1-628/
- https://github.com/axiomatic-systems/Bento4/issues/361