CVE-2020-23333

Name
CVE-2020-23333
Description
A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/axiomatic-systems/Bento4/issues/507

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:axiosys:bento4:*:*:*:*:*:*:*:* bento4 >= None < 1.6.0-635

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bento4 3.17-community 1.6.0.639-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
bento4 edge-community 1.6.0.640-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
bento4 3.18-community 1.6.0.640-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable