Antsknows

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-638 **Description** The issue is related to a null pointer reference in the `AP4 DescriptorListInspector::Action` function, located in Ap4Descriptor.h at line 124. This can lead to a denial of service (DOS). The problem was demonstrated using GPAC. **Recommendations** For Bento4 version 1.6.0-638, consider disabling the `AP4 DescriptorListInspector::Action` function as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4Box version 1.1.0 **Description** The issue is related to a Null pointer reference in the `gf filter pid get packet` function, located in `src/filter core/filter pid.c` at line 5394. This can cause a denial of service (DOS). **Recommendations** For GPAC MP4Box version 1.1.0, consider disabling the `gf filter pid get packet` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4Box version 1.1.0 **Description** The issue is a heap-buffer-overflow in the `filter parse dyn args` function, located in `filter core/filter.c:1454`. This can cause a denial of service (DOS). The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For GPAC MP4Box version 1.1.0, consider disabling the `filter parse dyn args` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-638 **Description** The issue is related to an allocator running out of memory in the `AP4 Array<AP4 TrunAtom::Entry>::EnsureCapacity` function, located in Ap4Array.h:172. This can cause a denial of service (DOS), as demonstrated by GPAC. **Recommendations** For Bento4 version 1.6.0-638, consider applying a patch or fix to resolve the memory allocation issue in the `AP4 Array<AP4 TrunAtom::Entry>::EnsureCapacity` function to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4Box version 1.1.0 **Description** The issue is a stack buffer overflow at src/utils/error.c:1769, leading to a denial of service. **Recommendations** For GPAC MP4Box version 1.1.0, update to a version that fixes the stack buffer overflow issue.

**Name of the Vulnerable Software and Affected Versions** MP4Box version 1.0.1 **Description** The issue is a stack buffer overflow in the `nhmldmx send sample()` function, specifically with the `szXmlTo` parameter, located at src/filters/dmx nhml.c:1004. This leads to a denial of service vulnerability. **Recommendations** For MP4Box version 1.0.1, as a temporary workaround, consider disabling the `nhmldmx send sample()` function until a patch is available. Restrict access to the `szXmlTo` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP4Box version 1.1.0 **Description** The issue is a stack buffer overflow in the nhmldmx init parsing function at src/filters/dmx nhml.c, leading to a denial of service. **Recommendations** For MP4Box version 1.1.0, consider disabling the nhmldmx init parsing function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP4Box version 1.0.1 **Description** The issue is a stack buffer overflow in the `nhmldmx send sample()` function at `src/filters/dmx nhml.c:1008`, specifically affecting the `szXmlFrom` parameter. This leads to a denial of service vulnerability. **Recommendations** For MP4Box version 1.0.1, consider disabling the `nhmldmx send sample()` function as a temporary workaround until a patch is available. Restrict access to the `szXmlFrom` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.0.1 **Description** The issue allows attackers to cause a denial of service via a crafted file in the MP4Box command, specifically through the GetHintFormat function. **Recommendations** For GPAC version 1.0.1, consider disabling the GetHintFormat function as a temporary workaround until a patch is available. Restrict access to the MP4Box command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.0.1 **Description** The issue allows attackers to cause a denial of service via a crafted file in the MP4Box command. This is due to a problem in the `gf hinter track finalize` function. **Recommendations** For GPAC version 1.0.1, consider avoiding the use of the `gf hinter track finalize` function until a patch is available. Restrict access to the MP4Box command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.0.1 **Description** The issue allows attackers to cause a denial of service via a crafted file in the MP4Box command. This is due to a problem in the `schm box size` function. **Recommendations** For GPAC version 1.0.1, consider avoiding the use of crafted files with the MP4Box command until a fix is available. As a temporary workaround, restrict the use of the `schm box size` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.0.1 **Description** The issue allows attackers to cause a denial of service via a crafted file in the MP4Box command, specifically through the `gf bs write data` function. **Recommendations** For GPAC version 1.0.1, consider disabling the `gf bs write data` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.