Bento4 Buffer Overflow Vulnerability in AP4_Stz2Atom Component

Vulnerability

A buffer overflow vulnerability has been identified in Bento4 version 1.6.0-641. This vulnerability allows local attackers to execute arbitrary code by exploiting the AP4_Stz2Atom component in Ap4Stz2Atom.cpp. The issue arises when the mp4fragment tool processes specially crafted MP4 files, leading to memory corruption and potential execution of malicious code.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, allowing for memory corruption and arbitrary code execution.
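The page does not give the root cause in Ap4Stz2Atom.cpp, so the following added example (not Bento4 code) shows only the generic length validation that any parser of the 'stz2' box needs before it sizes or fills a heap buffer from the file's own sample_count. The field layout is taken from ISO/IEC 14496-12; the function names, result codes and sample byte strings are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names for this example). */
enum { STZ2_OK = 0, STZ2_TRUNCATED = -1, STZ2_BAD_FIELD_SIZE = -2, STZ2_COUNT_TOO_LARGE = -3 };

/* Constructed payloads: version(1) flags(3) reserved(3) field_size(1) sample_count(4) entries */
static const uint8_t GOOD[] = {0,0,0,0, 0,0,0, 4,  0,0,0,3,             0x12, 0x30};
static const uint8_t BAD[]  = {0,0,0,0, 0,0,0, 16, 0xFF,0xFF,0xFF,0xFF, 0x00, 0x01};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Validate an 'stz2' payload (the bytes after the 8-byte box header).
 * On success stores the entry count in *count_out and returns STZ2_OK. */
int stz2_validate(const uint8_t *payload, size_t len, uint32_t *count_out) {
    if (payload == NULL || len < 12) return STZ2_TRUNCATED;
    uint8_t field_size = payload[7];                 /* bits per entry */
    if (field_size != 4 && field_size != 8 && field_size != 16)
        return STZ2_BAD_FIELD_SIZE;
    uint32_t count = be32(payload + 8);
    /* 64-bit arithmetic so count * field_size cannot wrap around. */
    uint64_t table_bytes = ((uint64_t)count * field_size + 7) / 8;
    if (table_bytes > (uint64_t)(len - 12)) return STZ2_COUNT_TOO_LARGE;
    if (count_out) *count_out = count;
    return STZ2_OK;
}

/* Read entry i. Call only after stz2_validate() returned STZ2_OK and i < count. */
uint16_t stz2_entry(const uint8_t *payload, uint32_t i) {
    const uint8_t *t = payload + 12;
    switch (payload[7]) {
    case 4:  return (i & 1) ? (t[i / 2] & 0x0F) : (t[i / 2] >> 4); /* high nibble first */
    case 8:  return t[i];
    default: return (uint16_t)((t[(size_t)i * 2] << 8) | t[(size_t)i * 2 + 1]);
    }
}

int main(void) {
    uint32_t n = 0;
    printf("GOOD: rc=%d\n", stz2_validate(GOOD, sizeof GOOD, &n));
    for (uint32_t i = 0; i < n; i++) printf("  entry[%u]=%u\n", (unsigned)i, (unsigned)stz2_entry(GOOD, i));
    printf("BAD:  rc=%d\n", stz2_validate(BAD, sizeof BAD, &n));
    return 0;
}
```

The same comparison of the declared count against the bytes actually present can be used as a pre-screen on untrusted MP4 input ahead of any tool that parses sample-size tables.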

Reproduction

The vulnerability can be reproduced using the Bento4 mp4fragment tool. After building Bento4, the mp4fragment application can be executed with a crafted MP4 file that triggers the buffer overflow. This can be done by using the 'bug6.mp4' file, which is available in the Bento4_PoC repository on GitHub.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.