Primary

Context

Bento4 Floating Point Exception Vulnerability Allowing Denial-of-Service

Vulnerability

A floating point exception vulnerability, specifically a divide-by-zero issue, has been identified in Bento4 version 1.6.0-641. This vulnerability occurs in the function AP4_TfraAtom() within the file Ap4TfraAtom.cpp. A remote attacker can exploit this vulnerability to cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash or become unresponsive.

Reproduction

The vulnerability can be reproduced by building Bento4 and then executing the 'mp4dump' tool on a crafted MP4 file that triggers the divide-by-zero condition. The 'mp4dump' tool will crash, demonstrating the denial-of-service impact.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Bento4 Floating Point Exception Vulnerability Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

Bento4

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating