17Ssdp

**Name of the Vulnerable Software and Affected Versions** Axiomatic Bento4 (affected versions not specified) **Description** A critical issue was found in Axiomatic Bento4, affecting the `AP4 MemoryByteStream::WritePartial` function in the `Ap4ByteStream.cpp` file of the `mp42aac` component. This issue leads to a heap-based buffer overflow and can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue was discovered in the function `AP4 File::ParseStream` in `/Core/Ap4File.cpp`, which results in a memory leak. **Recommendations** For Bento4 version 1.6.0-639, consider disabling the `AP4 File::ParseStream` function until a patch is available to prevent potential exploitation of the memory leak issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** A memory leak issue was discovered in the `AP4 DescriptorFactory::CreateDescriptorFromStream` function located in `Core/Ap4DescriptorFactory.cpp`. This issue is demonstrated by the `mp42aac` tool. **Recommendations** For Bento4 version 1.6.0-639, consider restricting access to the `AP4 DescriptorFactory::CreateDescriptorFromStream` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue in the component `AP4 HdlrAtom::~AP4 HdlrAtom()` allows attackers to cause a Denial of Service (DoS) via a crafted input. This is due to a bad free, which can be exploited to disrupt the service. **Recommendations** For Bento4 version 1.6.0-639, consider disabling the `AP4 HdlrAtom` component until a patch is available to prevent potential Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue was discovered in the AP4 BitReader::SkipBits(unsigned int) function in mp42ts, which is a heap buffer overflow. **Recommendations** For Bento4 version 1.6.0-639, consider disabling the AP4 BitReader::SkipBits(unsigned int) function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is caused by a heap-buffer-overflow in `AP4 Dec3Atom::AP4 Dec3Atom` at `Ap4Dec3Atom.cpp`, as demonstrated by `mp42aac`. **Recommendations** For Bento4 version 1.6.0-639, consider applying a patch or fix to resolve the heap-buffer-overflow issue in `AP4 Dec3Atom::AP4 Dec3Atom` at `Ap4Dec3Atom.cpp`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** A heap overflow issue was discovered in Bento4 via the AP4 BitReader::ReadCache() function in mp42ts. **Recommendations** For Bento4 version 1.6.0-639, as a temporary workaround, consider disabling the AP4 BitReader::ReadCache() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** A memory leak issue was found in the AP4 StdcFileByteStream::Create function in mp42ts, which can be exploited by attackers to cause a denial of service using a crafted file. **Recommendations** For Bento4 version 1.6.0-639, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** A buffer overflow issue exists in the `AP4 MemoryByteStream::WritePartial` function in mp42aac, which can be exploited by attackers to cause a denial of service. This can be achieved by providing a crafted file. **Recommendations** For Bento4 version 1.6.0-639, consider disabling the `AP4 MemoryByteStream::WritePartial` function as a temporary workaround until a patch is available. Restrict access to mp42aac to minimize the risk of exploitation. Avoid using crafted files that may trigger the buffer overflow issue until the problem is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev368-gfd054169b-master **Description** A segmentation violation was discovered in GPAC via the function `gf isom meta restore items ref` at `/isomedia/meta.c`. **Recommendations** For GPAC version 2.1-DEV-rev368-gfd054169b-master, consider disabling the `gf isom meta restore items ref` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev368-gfd054169b-master **Description** A heap buffer overflow issue was discovered in GPAC via the (gf isom box dump start ex) function at /isomedia/box funcs.c. **Recommendations** For GPAC version 2.1-DEV-rev368-gfd054169b-master, as a temporary workaround, consider disabling the (gf isom box dump start ex) function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC versions 2.1-DEV-rev368-gfd054169b-master **Description** A heap buffer overflow issue was discovered via the function `FixSDTPInTRAF` at `isomedia/isom intern.c`. This issue affects GPAC and is related to a heap buffer overflow. **Recommendations** For GPAC version 2.1-DEV-rev368-gfd054169b-master, consider disabling the `FixSDTPInTRAF` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev368-gfd054169b-master **Description** A segmentation violation was discovered in GPAC via the function `BD CheckSFTimeOffset` at `/bifs/field decode.c`. **Recommendations** For GPAC version 2.1-DEV-rev368-gfd054169b-master, consider disabling the `BD CheckSFTimeOffset` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev368-gfd054169b-master **Description** A segmentation violation was discovered in GPAC via the function `gf isom get meta item info` at `/isomedia/meta.c`. **Recommendations** For GPAC version 2.1-DEV-rev368-gfd054169b-master, as a temporary workaround, consider disabling the `gf isom get meta item info` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC versions 2.1-DEV-rev368-gfd054169b-master **Description** A segmentation violation was discovered in GPAC via the function `gf dump vrml sffield` at `/scene manager/scene dump.c`. This issue was identified through the National Vulnerability Database. **Recommendations** For GPAC version 2.1-DEV-rev368-gfd054169b-master, consider disabling the `gf dump vrml sffield` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.