CVE-2024-25453

Name of the Vulnerable Software and Affected Versions Bento4 version 1.6.0-640

Description The issue is related to a NULL pointer dereference in the AP4 StszAtom::GetSampleSize() function of the Bento4 library, which can lead to a denial of service. This function is part of the ISO-MP4 file reading and writing library. The exploitation of this issue may allow an attacker to cause a service disruption.

Recommendations For Bento4 version 1.6.0-640, as a temporary workaround, consider disabling the AP4 StszAtom::GetSampleSize() function until a patch is available. However, since no specific fix is mentioned for this version, and given the nature of the issue, it is crucial to monitor for updates from the vendor that may address this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.