bento4@1.0.3 vulnerabilities

Full-featured MP4 format and MPEG DASH library and tools

Direct Vulnerabilities

Known vulnerabilities in the bento4 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Out-of-Bounds

bento4 is a Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools.

Affected versions of this package are vulnerable to Out-of-Bounds in the mp4info component.

How to fix Out-of-Bounds?

There is no fixed version for bento4.

>=0.0.0
  • M
Heap-based Buffer Overflow

bento4 is a Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the component mp42aac.

How to fix Heap-based Buffer Overflow?

There is no fixed version for bento4.

*
  • H
Denial of Service (DoS)

bento4 is a Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a memory allocation issue in Ap4DataBuffe.

How to fix Denial of Service (DoS)?

There is no fixed version for bento4.

*
  • H
Denial of Service (DoS)

bento4 is a Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to memory leak via the mp4fragment.

How to fix Denial of Service (DoS)?

There is no fixed version for bento4.

*
  • M
Buffer Overflow

bento4 is a Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools.

Affected versions of this package are vulnerable to Buffer Overflow. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.

How to fix Buffer Overflow?

There is no fixed version for bento4.

*