CVE-2019-8382

Name of the Vulnerable Software and Affected Versions Bento4 version 1.5.1-628

Description A NULL pointer dereference issue occurs in the AP4 List:Find function, located in Core/Ap4List.h, when called from Core/Ap4Movie.cpp. This can be triggered by sending a crafted file to the mp4dump binary, allowing an attacker to cause a Denial of Service (Segmentation fault) or possibly have other unspecified impacts.

Recommendations For Bento4 version 1.5.1-628, as a temporary workaround, consider restricting the use of the mp4dump binary until a patch is available. Additionally, avoid processing crafted or untrusted files with the affected binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.