CVE-2017-14639

Name of the Vulnerable Software and Affected Versions Bento4 version 1.5.0-617

Description The issue is caused by incorrect character data types used in the AP4 VisualSampleEntry::ReadFields function in Core/Ap4SampleEntry.cpp. This leads to a stack-based buffer underflow and out-of-bounds write, resulting in denial of service, which is an application crash, or possibly other unspecified impacts.

Recommendations For Bento4 version 1.5.0-617, as a temporary workaround, consider disabling the AP4 VisualSampleEntry::ReadFields function until a patch is available. Restrict access to the Core/Ap4SampleEntry.cpp module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.