PT-2025-31892 · Axiomatic · Bento4
Xudong Cao +1 · Published 2025-08-05 · Updated 2025-09-12 · CVE-2025-8537
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Axiomatic Bento4 versions up to 1.6.0-641
Description
A problematic issue exists in the mp4decrypt component, specifically within the AP4_DataBuffer::SetDataSize function of the Mp4Decrypt.cpp file. This issue leads to resource allocation without limits. The attack can be launched remotely, but is considered difficult to exploit. The exploit has been publicly disclosed.
Recommendations
Update to a version of Axiomatic Bento4 newer than 1.6.0-641.
Exploit
Fix
Resource Exhaustion
Allocation of Resources Without Limits
Assertion Failure
Related Identifiers
Affected Products
Bento4