Buffer Overflow Affecting bento4 package, versions *


0.0
medium

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.23% (61st percentile)
Expand this section
NVD
8.8 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-BENTO4-1656628
  • published 21 Sep 2021
  • disclosed 21 Sep 2021
  • credit Unknown

How to fix?

There is no fixed version for bento4.

Overview

bento4 is a Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools.

Affected versions of this package are vulnerable to Buffer Overflow. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.

References