Gilles Boccon-Gibod

10 exploits Active since Sep 2017
CVE-2017-12474 WRITEUP MEDIUM WRITEUP
bento4 < 1.5.0-615 - Denial of Service via Crafted MP4 File
The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVSS 5.5
CVE-2017-12475 WRITEUP MEDIUM WRITEUP
Bento4 < 1.5.0-615 - Denial of Service via Crafted MP4 File
The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVSS 5.5
CVE-2017-12476 WRITEUP MEDIUM WRITEUP
bento4 < 1.5.0-615 - Denial of Service via Crafted MP4 File
The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVSS 5.5
CVE-2017-14638 WRITEUP MEDIUM WRITEUP
Bento4 <1.5.0-617 - Memory Corruption
AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.
CVSS 6.5
CVE-2017-14639 WRITEUP HIGH WRITEUP
Bento4 <1.5.0-617 - Buffer Overflow
AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.
CVSS 8.8
CVE-2017-14640 WRITEUP MEDIUM WRITEUP
Bento4 1.5.0-617 - Denial of Service via NULL Pointer Dereference in AP4_AtomSampleTable::GetSample
A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
CVSS 6.5
CVE-2017-14641 WRITEUP MEDIUM WRITEUP
Bento4 1.5.0-617 - Denial of Service via NULL Pointer Dereference in AP4_DataAtom
A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
CVSS 6.5
CVE-2017-14642 WRITEUP MEDIUM WRITEUP
Bento4 1.5.0-617 - Denial of Service via NULL Pointer Dereference in AP4_StdcFileByteStream::ReadPartial
A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service.
CVSS 6.5
CVE-2017-14643 WRITEUP MEDIUM WRITEUP
Bento4 <1.5.0-617 - Buffer Overflow
The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.
CVSS 6.5
CVE-2017-14646 WRITEUP HIGH WRITEUP
Bento4 <1.5.0-617 - Buffer Overflow
The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
CVSS 7.5