CVE-2025-0870

Name of the Vulnerable Software and Affected Versions Axiomatic Bento4 versions up to 1.6.0-641

Description The issue affects the function AP4 DataBuffer::GetData in the library Ap4DataBuffer.h, leading to a heap-based buffer overflow. This can be exploited remotely, with a rather high complexity of attack. The exploitation is known to be difficult. The product uses a rolling release for continuous delivery, and thus no specific version details for affected or updated releases are available.

Recommendations Axiomatic Bento4 versions up to 1.6.0-641: Update to a version later than 1.6.0-641, or apply a patch that fixes the AP4 DataBuffer::GetData function in the Ap4DataBuffer.h library to prevent heap-based buffer overflow.