Zhanggenexop

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.5.1.0 Description: An issue was discovered in Bento4, leading to a heap-buffer-overflow in `AP4 Dec3Atom::AP4 Dec3Atom` at `Ap4Dec3Atom.cpp`. This results in a denial of service, causing the program to crash, as demonstrated by `mp42aac`. Recommendations: For Bento4 version 1.5.1.0, consider disabling the `AP4 Dec3Atom::AP4 Dec3Atom` function until a patch is available to prevent the heap-buffer-overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1.0 **Description** A heap-based buffer over-read issue was discovered in the function `AP4 BitReader::SkipBits` at `Core/Ap4Utils.cpp`. **Recommendations** For Bento4 version 1.5.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1.0 **Description** A heap-based buffer overflow issue was found in the AP4 RtpAtom class at Core/Ap4RtpAtom.cpp. **Recommendations** For Bento4 version 1.5.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1.0 **Description** A heap-based buffer over-read issue was discovered in the AP4 Dec3Atom class at Core/Ap4Dec3Atom.cpp. **Recommendations** For Bento4 version 1.5.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1.0 **Description** A heap-based buffer over-read issue was discovered in the AP4 AvccAtom class at Core/Ap4AvccAtom.cpp. **Recommendations** For Bento4 version 1.5.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.