PT-2018-16841 · Axiomatic Systems · Bento4

Xcainiao

Published

2018-01-05

Updated

2019-10-03

CVE-2018-5253

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bento4 version 1.5.1.0

Description The issue is related to an infinite loop in the AP4 FtypAtom class, which can be triggered by a crafted MP4 file. This occurs due to size mishandling in the Core/Ap4FtypAtom.cpp component of Bento4.

Recommendations For Bento4 version 1.5.1.0, consider avoiding the use of crafted MP4 files that may trigger the infinite loop until a patch is available. As a temporary workaround, restrict the processing of MP4 files to minimize the risk of exploitation.

Exploit

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2018-5253

Affected Products

Bento4

PT-2018-16841 · Axiomatic Systems · Bento4

CVE-2018-5253

Weakness Enumeration

Related Identifiers

Affected Products

References · 6