Suggestions search

All statuses

Filter by:

With package: bento4

Found 2 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-5236

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

Axiomatic Bento4 DSI v1 Ap4Dac4Atom.cpp SkipBits heap-based overflow

A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument n_presentations leads to heap-based buffer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-354387 | Axiomatic Bento4 DSI v1 Ap4Dac4Atom.cpp SkipBits heap-based overflow vdb-entrytechnical-description
VDB-354387 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #780473 | Bento4 <=1.6.0-641 Memory Corruption third-party-advisory
https://github.com/axiomatic-systems/Bento4/issues/1059 issue-tracking
https://github.com/axiomatic-systems/Bento4/issues/1059#issue-4078584738 issue-trackingexploit

Affected products

Bento4

==1.6.0-641

Matching in nixpkgs

pkgs.bento4

Full-featured MP4 format and MPEG DASH library and tools

nixos-unstable 1.6.0-641
- nixpkgs-unstable 1.6.0-641
- nixos-unstable-small 1.6.0-641
nixos-25.11 1.6.0-641
- nixos-25.11-small 1.6.0-641
- nixpkgs-25.11-darwin 1.6.0-641

Package maintainers

@makefu Felix Richter <makefu@syntax-fehler.de>

Upstream issue: https://github.com/axiomatic-systems/Bento4/issues/1059
Currently (2026-04-01) no patch available

Published

Permalink CVE-2026-5235

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

Axiomatic Bento4 MP4 File Ap4Dac4Atom.cpp ReadCache heap-based overflow

A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-354386 | Axiomatic Bento4 MP4 File Ap4Dac4Atom.cpp ReadCache heap-based overflow vdb-entrytechnical-description
VDB-354386 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #780472 | Bento4 <=1.6.0-641 Memory Corruption third-party-advisory
https://github.com/axiomatic-systems/Bento4/issues/1058 issue-tracking
https://github.com/axiomatic-systems/Bento4/issues/1058#issue-4078583078 issue-trackingexploit

Affected products

Bento4

==1.6.0-641

Matching in nixpkgs

pkgs.bento4

Full-featured MP4 format and MPEG DASH library and tools

nixos-unstable 1.6.0-641
- nixpkgs-unstable 1.6.0-641
- nixos-unstable-small 1.6.0-641
nixos-25.11 1.6.0-641
- nixos-25.11-small 1.6.0-641
- nixpkgs-25.11-darwin 1.6.0-641

Package maintainers

@makefu Felix Richter <makefu@syntax-fehler.de>

Unpatched
Upstream issue: https://github.com/axiomatic-systems/Bento4/issues/1058