Zhangteng0526

**Name of the Vulnerable Software and Affected Versions** PX4 versions 1.17.0-rc2 and below **Description** PX4 is an open-source autopilot stack for drones and unmanned vehicles. A stack-based buffer overflow exists through the MavlinkLogHandler, triggered via a MAVLink log request. The `LogEntry.filepath` buffer is 60 bytes, but the `sscanf` function parses paths from the log list file without a width specifier, allowing paths exceeding 60 characters to overflow the buffer. An attacker with MAVLink link access can trigger this by creating deeply nested directories via MAVLink FTP, then requesting the log list. This causes the flight controller MAVLink task to crash, resulting in a denial-of-service (DoS) condition and loss of telemetry and command capability. **Recommendations** Versions prior to 1.17.0-rc2 should be updated.

**Name of the Vulnerable Software and Affected Versions** PX4-Autopilot version 1.14.3 **Description** The issue is a stack buffer overflow that allows attackers to execute commands, exploiting the vulnerability and causing the program to refuse to execute. **Recommendations** For PX4-Autopilot version 1.14.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.15 **Description** A Heap Buffer Overflow issue allows attackers to crash the application by sending a crafted payload to the display444as420 function at sdl.cc. **Recommendations** For Libde265 version 1.0.15, consider updating to a newer version that contains a fix for this issue, if available. As a temporary workaround, restrict access to the display444as420 function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.15 **Description** A Heap Buffer Overflow issue allows attackers to crash the application by sending a crafted payload to the ` interceptor memcpy` function. **Recommendations** For Libde265 version 1.0.15, consider applying a patch or update that fixes the Heap Buffer Overflow issue in the ` interceptor memcpy` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PX4-Autopilot version 1.12.3 **Description** A buffer overflow in the software allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message. **Recommendations** For PX4-Autopilot version 1.12.3, consider disabling the handling of MavLink messages until a patch is available to prevent potential Denial of Service (DoS) attacks.

**Name of the Vulnerable Software and Affected Versions** PX4-Autopilot version 1.14.3 **Description** A buffer overflow issue was discovered in PX4-Autopilot via the `topic name` parameter at the "/logger/logged topics.cpp" API endpoint. **Recommendations** For PX4-Autopilot version 1.14.3, as a temporary workaround, consider restricting access to the `topic name` parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 Bento version 1.6.0-641 **Description** An issue in Bento4 Bento allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp, AP4 StsdAtom::AP4 StsdAtom, mp4fragment. **Recommendations** For version 1.6.0-641, consider restricting access to the Ap4StsdAtom.cpp file and the AP4 StsdAtom::AP4 StsdAtom function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-641-2-g1529b83 **Description** An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is caused by a heap overflow in `AP4 Dec3Atom::AP4 Dec3Atom` at `Ap4Dec3Atom.cpp`. This can be demonstrated by `mp42aac`. **Recommendations** For Bento4 version 1.6.0-641-2-g1529b83, as a temporary workaround, consider disabling the `AP4 Dec3Atom::AP4 Dec3Atom` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 Bento version 1.6.0-641 **Description** An issue in Bento4 Bento allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp, AP4 MdhdAtom::AP4 MdhdAtom, mp4fragment. **Recommendations** For Bento4 Bento version 1.6.0-641, consider disabling the Ap4MdhdAtom.cpp or restricting access to the AP4 MdhdAtom::AP4 MdhdAtom function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-641-2-g1529b83 **Description** An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is a heap-use-after-free in `AP4 UnknownAtom::~AP4 UnknownAtom` at Ap4Atom.cpp, as demonstrated by mp42ts. **Recommendations** As a temporary workaround, consider disabling the `AP4 UnknownAtom` class until a patch is available. Restrict access to the `Ap4Atom.cpp` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-641-2-g1529b83 **Description** An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is a heap-use-after-free in `AP4 SubStream::~AP4 SubStream` at `Ap4ByteStream.cpp`, as demonstrated by mp42ts. **Recommendations** For Bento4 version 1.6.0-641-2-g1529b83, consider disabling the `AP4 SubStream` function until a patch is available to prevent potential Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-641-2-g1529b83 **Description** An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is a heap-use-after-free in Ap4Sample.h in the `AP4 Sample::GetOffset()` function, as demonstrated by mp42ts. **Recommendations** For Bento4 version 1.6.0-641-2-g1529b83, consider disabling the `AP4 Sample::GetOffset()` function as a temporary workaround until a patch is available. Restrict access to the vulnerable module `Ap4Sample.h` to minimize the risk of exploitation. Avoid using the `GetOffset()` function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 Bento version 1.6.0-641 **Description** The issue allows a remote attacker to execute arbitrary code via the `AP4 BitReader::ReadCache()` function at `Ap4Utils.cpp` component. This is a Buffer Overflow vulnerability. **Recommendations** For Bento4 Bento version 1.6.0-641, consider disabling the `AP4 BitReader::ReadCache()` function as a temporary workaround until a patch is available. Restrict access to the `Ap4Utils.cpp` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 Bento version 1.6.0-641 **Description** The issue allows a remote attacker to execute arbitrary code via the `AP4 MemoryByteStream::WritePartial` function at `Ap4ByteStream.cpp`. This is a Buffer Overflow vulnerability. **Recommendations** For Bento4 Bento version 1.6.0-641, consider disabling the `AP4 MemoryByteStream::WritePartial` function as a temporary workaround until a patch is available. Restrict access to the `Ap4ByteStream.cpp` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.