exploitDog

CVE-2024-24155

Опубликовано: 29 фев. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.

Ссылки

https://github.com/axiomatic-systems/Bento4/issues/919
Exploit
Issue Tracking
Third Party Advisory
https://github.com/axiomatic-systems/Bento4/issues/919
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:axiosys:bento4:1.5.1-628:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00596

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-401

CWE-401

Связанные уязвимости

GHSA-x57g-x9fg-576h

CVSS3: 6.5

github

почти 2 года назад

Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.

EPSS

Процентиль: 69%

0.00596

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-401

CWE-401