CVE-2019-9544

Name of the Vulnerable Software and Affected Versions Bento4 version 1.5.1-628

Description An issue was discovered that allows an attacker to cause Denial of Service or possibly have other unspecified impact by sending a crafted file to certain binaries, such as mp42hls, which triggers an out of bounds write in the AP4 CttsTableEntry constructor located in Core/Ap4Array.h.

Recommendations For Bento4 version 1.5.1-628, consider avoiding the use of the mp42hls binary with untrusted input until a fix is available. As a temporary workaround, restrict access to the vulnerable AP4 CttsTableEntry constructor to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.