CVE-2024-57510

Published: Jan 29, 2025Modified: Jun 17, 2026Deferred

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial.

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (3)

https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24

Source: cve@mitre.org

https://github.com/axiomatic-systems/Bento4/issues/989

Source: cve@mitre.org

https://github.com/axiomatic-systems/Bento4/issues/989

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.