CVE-2025-0870

Name

CVE-2025-0870

Description

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
issue-tracking	https://github.com/axiomatic-systems/Bento4/issues/980
exploit	https://github.com/user-attachments/files/16929290/Bug2.zip
signature	https://vuldb.com/?ctiid.294056
vdb-entry	https://vuldb.com/?id.294056

CPE URI	Source package	Min version	Max version
	bento4	== 1.6.0-641	== 1.6.0-641
`cpe:2.3:a:axiosys:bento4::::::::`	bento4	>= None	<= 1.6.0-641

Source package	Branch	Version	Maintainer	Status
bento4	edge-community	1.6.0.641-r0	Patrycja Rosa <alpine@ptrcnull.me>	possibly vulnerable
bento4	3.23-community	1.6.0.641-r0	Patrycja Rosa <alpine@ptrcnull.me>	possibly vulnerable
bento4	3.22-community	1.6.0.641-r0	Patrycja Rosa <alpine@ptrcnull.me>	possibly vulnerable

References

Match rules

Vulnerable and fixed packages