PT-2024-20300 · Bento4 · Bento4

Mirusu400 · Published 2024-02-28 · Updated 2025-01-16 · CVE-2024-24155

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.5.1-628

Description: The issue is a memory leak in the AP4_Movie::AP4_Movie function when parsing tracks and adding them to the m_Tracks list. If an error occurs because no audio track is found, mp42aac cannot correctly delete the tracks, leading to a memory leak. This allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.

Recommendations: For Bento4 version 1.5.1-628, consider updating to a newer version that addresses the memory leak issue in the AP4_Movie::AP4_Movie function. As a temporary workaround, restrict the use of mp42aac when parsing mp4 files to minimize the risk of exploitation.

Exploit · Fix · Memory Leak

Weakness Enumeration

Related Identifiers: CVE-2024-24155

Affected Products: Bento4