CVE-2025-0753

Name of the Vulnerable Software and Affected Versions Axiomatic Bento4 versions up to 1.6.0

Description A critical vulnerability was found in Axiomatic Bento4, affecting the AP4 StdcFileByteStream::ReadPartial function of the mp42aac component. This vulnerability leads to a heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vulnerability is related to the function AP4 StdcFileByteStream::ReadPartial() and is associated with a buffer overflow in memory, which can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Axiomatic Bento4 versions up to 1.6.0, consider disabling the AP4 StdcFileByteStream::ReadPartial function as a temporary workaround until a patch is available. Restrict access to the mp42aac component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.