CVE-2018-20659

Published: Jan 2, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls.

Affected (1)

Products: Axiosys: Bento4

Axiosys

1 product

Bento4

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Axiosys Bento4	Version 1.5.1-627

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://github.com/axiomatic-systems/Bento4/issues/350

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/axiomatic-systems/Bento4/issues/350

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.