Breakingbad

Name of the Vulnerable Software and Affected Versions Axiomatic Bento4 versions through 1.6.0-641 Description A flaw exists in Axiomatic Bento4 up to version 1.6.0-641 within the MP4 File Parser component, specifically in the `AP4 BitReader::ReadCache` function of the `Ap4Dac4Atom.cpp` file. This issue leads to a heap-based buffer overflow. The attack requires local access. The exploit for this issue has been publicly disclosed. Recommendations Versions prior to 1.6.0-641 should be used.

Name of the Vulnerable Software and Affected Versions Axiomatic Bento4 versions through 1.6.0-641 Description A flaw exists in Axiomatic Bento4 up to version 1.6.0-641. The issue resides in the `AP4 BitReader::SkipBits` function within the `Ap4Dac4Atom.cpp` file of the DSI v1 Parser component. Manipulation of the `n presentations` argument can lead to a heap-based buffer overflow. Local execution is required for exploitation. A public exploit is available and may be used. Recommendations Versions prior to 1.6.0-641 should be used.

**Name of the Vulnerable Software and Affected Versions** Radare2 versions prior to 6.1.2 **Description** A flaw exists in Radare2 related to resource consumption. This issue affects the `walk exports trie` function within the `libr/bin/format/mach0/mach0.c` file of the Mach-O File Parser component. The issue can be triggered locally and the exploit has been publicly disclosed. The code maintainer has indicated that the issue is not considered a Denial of Service (DoS). **Recommendations** Upgrade to Radare2 version 6.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** GPAC version 26.03-DEV **Description** A weakness exists in GPAC 26.03-DEV within the TeXML File Parser component. Specifically, the `txtin process texml` function in the `src/filters/load text.c` file is susceptible to a stack-based buffer overflow when processing manipulated data. The attack can be launched locally. The exploit for this issue is publicly available. The patch identified as d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5 addresses this issue. **Recommendations** Apply the patch d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** GPAC version 26.03-DEV **Description** A security issue has been identified in GPAC 26.03-DEV. The `svgin process` function within the SVG Parser component, located in the file `src/filters/load svg.c`, is susceptible to an out-of-bounds write condition. Local access is required for exploitation. The exploit for this issue has been publicly disclosed. The patch identifier is `7618d7206cdeb3c28961dc97ab0ecabaff0c8af2`. **Recommendations** Install the patch with identifier `7618d7206cdeb3c28961dc97ab0ecabaff0c8af2` to address this issue.