CVE-2023-29576 : Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.

Published 2023-04-11 21:15:31

Updated 2025-02-10 20:15:42

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-29576

Axiosys » Bento4 » Version: 1.6.0-639
cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-10
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

https://github.com/z1r00/fuzz_vuln/blob/main/Bento4/mp4decrypt/sigv/readme.md

fuzz_vuln/readme.md at main · z1r00/fuzz_vuln · GitHub
Exploit;Issue Tracking;Third Party Advisory
https://github.com/axiomatic-systems/Bento4/issues/844

SEGV Ap4TrunAtom.h:80:80 in AP4_TrunAtom::SetDataOffset(int) · Issue #844 · axiomatic-systems/Bento4 · GitHub
Exploit;Issue Tracking

Jump to