| Título | Bento4 <=1.6.0-641 Memory Corruption |
|---|
| Descrição | A heap-buffer-overflow vulnerability was found in AP4_Dac4Atom constructor in Ap4Dac4Atom.cpp. When parsing a crafted MP4 file with a dac4 atom containing insufficient payload, AP4_BitReader::ReadCache() reads beyond the heap-allocated buffer. This leads to out-of-bounds read (CWE-125), causing potential information disclosure or denial of service. |
|---|
| Fonte | ⚠️ https://github.com/axiomatic-systems/Bento4/issues/1058 |
|---|
| Utilizador | breakingbad (UID 96046) |
|---|
| Submissão | 15/03/2026 16h27 (há 23 dias) |
|---|
| Moderação | 31/03/2026 16h09 (16 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 354386 [Axiomatic Bento4 até 1.6.0-641 MP4 File Parser Ap4Dac4Atom.cpp AP4_BitReader::ReadCache Excesso de tampão] |
|---|
| Pontos | 19 |
|---|