PT-2024-23621 · Bento4 · Bento4

Zhangteng0526 · Published 2024-04-02 · Updated 2025-05-27 · CVE-2024-30807

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Bento4 version 1.6.0-641-2-g1529b83

Description

An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, as demonstrated by mp42ts.

Recommendations

As a temporary workaround, consider disabling the AP4_UnknownAtom class until a patch is available. Restrict access to the Ap4Atom.cpp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2024-30807

Affected Products

Bento4