Dhbbb

Name of the Vulnerable Software and Affected Versions: Bento4 versions prior to v1.6.0-637 Description: A NULL pointer dereference issue exists in the `AP4 StszAtom::WriteFields` function, located in `Ap4StszAtom.cpp`, allowing an attacker to cause a denial of service. Recommendations: For Bento4 versions prior to v1.6.0-637, update to a version newer than v1.6.0-636 to resolve the issue. As a temporary workaround, consider restricting access to the `AP4 StszAtom::WriteFields` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Bento4 versions through 1.6.0-636 Description: An issue exists in the AP4 DescriptorFinder::Test component located in /Core/Ap4Descriptor.h, where a NULL pointer dereference occurs. This allows an attacker to cause a denial of service (DOS). Recommendations: For versions through 1.6.0-636, as a temporary workaround, consider disabling the AP4 DescriptorFinder::Test component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libde265 version 1.0.8 **Description** The issue is related to the insufficient use of the `assert()` function in the sps.cc component of the libde265 h.265 video codec implementation. This can be exploited by a remote attacker using a specially crafted file, potentially allowing access to confidential data, disrupting data integrity, and causing a denial of service. The vulnerability is triggered when decoding a file fails the `scaling list pred matrix id delta==1` assertion at sps.cc:925. **Recommendations** For libde265 version 1.0.8, consider disabling the `assert()` function in the sps.cc component or restricting the use of the vulnerable video codec implementation until a patch is available. As a temporary workaround, avoid using the libde265 library with untrusted input files to minimize the risk of exploitation.