Yin Li

#9065of 53,632
30.1Total CVSS
Vulnerabilities · 5
Medium
4
High
1
PT-2022-26095
5.5
2022-09-30
Bento4 · Bento4 · CVE-2022-41845
**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue in Bento4 leads to excessive memory consumption in the `AP4 Array<AP4 ElstEntry>::EnsureCapacity` function, located in Core/Ap4Array.h. **Recommendations** For Bento4 version 1.6.0-639, consider applying a patch or fix that addresses the excessive memory consumption issue in the `AP4 Array<AP4 ElstEntry>::EnsureCapacity` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-26096
5.5
2022-09-30
Bento4 · Bento4 · CVE-2022-41846
**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue was discovered in the function `AP4 DataBuffer::ReallocateBuffer` in `Core/Ap4DataBuffer.cpp`, which leads to excessive memory consumption. **Recommendations** For Bento4 version 1.6.0-639, consider applying a patch or fix to the `AP4 DataBuffer::ReallocateBuffer` function to prevent excessive memory consumption. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2022-26097
5.5
2022-09-30
Bento4 · Bento4 · CVE-2022-41847
**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** A memory leak issue exists in the `AP4 StdcFileByteStream::Create` function, specifically in the `System/StdC/Ap4StdCFileByteStream.cpp` file. This issue can lead to memory exhaustion if exploited. **Recommendations** For Bento4 version 1.6.0-639, consider restricting access to the `AP4 StdcFileByteStream::Create` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2022-25515
5.5
2022-09-16
Jasper · Jasper · CVE-2022-40755
**Name of the Vulnerable Software and Affected Versions** JasPer version 3.0.6 **Description** The issue allows for denial of service via a reachable assertion in the function inttobits in libjasper/base/jas image.c. **Recommendations** For JasPer version 3.0.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-18511
8.1
2022-03-21
Bento4 · Bento4 · CVE-2022-27607
**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** A heap-based buffer over-read issue exists in the AP4 HvccAtom class. **Recommendations** For Bento4 version 1.6.0-639, at the moment, there is no information about a newer version that contains a fix for this issue.