CVE-2017-14638

Name of the Vulnerable Software and Affected Versions Bento4 version 1.5.0-617

Description The issue is related to missing NULL checks in the AP4 AtomFactory::CreateAtomFromStream function, which can lead to a NULL pointer dereference, resulting in a segmentation fault and application crash in the AP4 Atom::SetType function.

Recommendations For Bento4 version 1.5.0-617, consider adding NULL checks to the AP4 AtomFactory::CreateAtomFromStream function to prevent NULL pointer dereferences. As a temporary workaround, restrict the use of the AP4 AtomFactory::CreateAtomFromStream function until a patch is available.