CVE-2019-8378

Name of the Vulnerable Software and Affected Versions Bento4 version 1.5.1-628

Description A heap-based buffer over-read issue exists in the AP4 BitStream::ReadBytes() function in Codecs/Ap4BitStream.cpp. This can be triggered by sending a crafted file to the aac2mp4 binary, potentially allowing an attacker to cause a Denial of Service (Segmentation fault) or have other unspecified impacts.

Recommendations For Bento4 version 1.5.1-628, as a temporary workaround, consider restricting the use of the aac2mp4 binary until a patch is available. Additionally, avoid processing crafted files with the aac2mp4 binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.