CVE-2019-8380

Name of the Vulnerable Software and Affected Versions Bento4 version 1.5.1-628

Description A NULL pointer dereference issue occurs in the AP4 Track::GetSampleIndexForTimeStampMs() function, located in Core/Ap4Track.cpp, which can be triggered by sending a crafted file to the mp4audioclip binary. This allows an attacker to cause a Denial of Service, resulting in a Segmentation fault, or possibly have other unspecified impacts.

Recommendations For Bento4 version 1.5.1-628, as a temporary workaround, consider restricting the use of the mp4audioclip binary until a patch is available. Avoid processing crafted files with the mp4audioclip binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.