Bento4 Floating-Point Exception Vulnerability in TfraAtom Function
Vulnerability
A floating-point exception vulnerability has been identified in the Bento4 media processing library, specifically within the 'mp42hevc' component. This vulnerability arises in the 'AP4_TfraAtom::AP4_TfraAtom' function, where improper handling of data can lead to a floating-point exception, potentially causing a denial-of-service condition.
Impact
Triggering this vulnerability raises a floating-point exception that terminates the process, resulting in a denial-of-service condition.
Reproduction
The vulnerability can be reproduced with the Bento4 'mp42hevc' application. After applying the related Bento4 commit '3bdc891', run the application on a specially crafted input file that triggers the vulnerability. With the AddressSanitizer tool in use, the floating-point exception error is reported when the vulnerability is triggered.
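A triage helper for the AddressSanitizer output described above, useful for confirming whether a given build still hits this crash. This is an added example, not code from Bento4 or from the original advisory; the report layout is the usual ASan fatal-signal format, and the sample reports (addresses, paths, caller names) are constructed placeholders.

```python
import re

# Assumed layout of an AddressSanitizer fatal-signal report:
#   ==PID==ERROR: AddressSanitizer: <KIND> on ...
#       #N 0xADDR in <symbol> <file>:<line>
HEADER_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+)", re.M)
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(.*)$", re.M)
TARGET = "AP4_TfraAtom::AP4_TfraAtom"  # function named in the advisory


def parse_report(stderr_text):
    """Return (error kind or None, symbols of the first stack trace)."""
    header = HEADER_RE.search(stderr_text)
    if header is None:
        return None, []
    frames = []
    for m in FRAME_RE.finditer(stderr_text, header.end()):
        if int(m.group(1)) != len(frames):  # numbering restarted: next stack
            break
        frames.append(m.group(2).strip())
    return header.group(1), frames


def classify(stderr_text, depth=3):
    """'reproduced' = FPE with TARGET near the top; else 'other-crash'/'clean'."""
    kind, frames = parse_report(stderr_text)
    if kind is None:
        return "clean"
    if kind == "FPE" and any(TARGET in f for f in frames[:depth]):
        return "reproduced"
    return "other-crash"


# Constructed sample reports; addresses, paths and callers are placeholders.
SAMPLE_FPE = """\
AddressSanitizer:DEADLYSIGNAL
==1001==ERROR: AddressSanitizer: FPE on unknown address 0x000000000000 (pc 0x0 bp 0x0 sp 0x0 T0)
    #0 0x000000000001 in AP4_TfraAtom::AP4_TfraAtom(...) <path>:<line>
    #1 0x000000000002 in <caller> <path>:<line>
    #2 0x000000000003 in main <path>:<line>
SUMMARY: AddressSanitizer: FPE <path>:<line>
"""
SAMPLE_OTHER = """\
==1002==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000000000000
    #0 0x000000000001 in some_other_function <path>:<line>
"""

if __name__ == "__main__":
    for name, text in [("fpe", SAMPLE_FPE), ("other", SAMPLE_OTHER), ("none", "")]:
        print(name, classify(text))
```

Feed `classify` the stderr captured from an instrumented 'mp42hevc' run; a result of "clean" on the same input after a fix is the regression signal.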
