PT-2024-23623 · Bento4 · Bento4

Zhangteng0526 · Published 2024-04-02 · Updated 2025-05-27 · CVE-2024-30809

CVSS v3.1 7.5 High · Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-641-2-g1529b83

Description: An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is a heap-use-after-free in Ap4Sample.h in the AP4_Sample::GetOffset() function, as demonstrated with the mp42ts tool on a crafted input file. The CVSS vector (network, no privileges, no user interaction) reflects that a crafted file processed by the affected build crashes the process; the impact is availability only.

Recommendations: AP4_Sample::GetOffset() is a core accessor used throughout the library to locate sample data, so it cannot be disabled or access-restricted in isolation. The practical workaround for version 1.6.0-641-2-g1529b83 is to keep untrusted MP4 files away from mp42ts and other tools built on the affected version, or, where such input must be processed, to run the tool in a separate sandboxed process with a wall-clock timeout and memory limit so that a crash fails only that one job rather than the service around it. At the moment, there is no information about a newer version that contains a fix for this vulnerability; check the upstream Bento4 repository before assuming a later build is unaffected.
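Added example, not part of this advisory or of the Bento4 project: a POSIX shell wrapper that runs an MP4 processing tool on an untrusted file under a timeout and an address-space limit and classifies the exit status, so that a crash such as the heap-use-after-free described above is surfaced as a rejected input instead of a hung or dead worker. The `mp42ts input.mp4 output.ts` invocation in the usage comment and the limit values are assumptions about how a deployment would call the tool; the classification itself is demonstrated with stand-in commands.

```shell
#!/bin/sh
# Run a converter on an untrusted file in an isolated subshell with a
# wall-clock timeout (coreutils/busybox `timeout`) and a virtual-memory
# cap, then classify how it ended.  Usage (mp42ts arguments assumed):
#   run_isolated 30 2000000 mp42ts untrusted.mp4 out.ts
# Prints exactly one word: ok | timeout | crash | error
run_isolated() {
    secs="$1"
    mem_kb="$2"
    shift 2
    rc=0
    # `|| rc=$?` keeps a non-zero status from tripping `set -e` in callers.
    (
        # Lower the address-space limit for this job only.  Note: ASan builds
        # reserve huge virtual ranges and will not start under a small -v cap.
        ulimit -v "$mem_kb" 2>/dev/null
        exec timeout "$secs" "$@"
    ) >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)        echo ok ;;
        124|137)  echo timeout ;;   # timeout sent TERM (124) or the job died by KILL (137)
        134|139)  echo crash ;;     # 128+SIGABRT (abort/ASan) or 128+SIGSEGV (UAF, bad read)
        *)        echo error ;;     # tool rejected the input or failed for another reason
    esac
}

# Constructed demonstration commands standing in for mp42ts on various inputs.
demo_ok()    { run_isolated 5 2000000 true; }
demo_crash() { run_isolated 5 2000000 sh -c 'kill -SEGV $$'; }
demo_error() { run_isolated 5 2000000 sh -c 'exit 3'; }
demo_hang()  { run_isolated 1 2000000 sleep 5; }

if [ "${RUN_DEMO:-0}" = 1 ]; then
    for d in demo_ok demo_crash demo_error demo_hang; do
        printf '%s -> %s\n' "$d" "$($d)"
    done
fi
```

A caller treats anything other than `ok` as "input rejected" and moves on; only `crash` is worth saving the file for triage, since a segfault or abort in the converter is exactly the signal that the affected code path was hit.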

Tags: Exploit · DoS

Weakness Enumeration: Use After Free

Related Identifiers: CVE-2024-30809

Affected Products: Bento4