Impact
The vulnerability is a stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of Bento4 that can be triggered by a maliciously crafted MP4 file. This stack-based buffer overflow is compounded by an out-of-bounds write (CWE-121) that corrupts the stack, leading to a crash of the media processing application. The impact is a denial of service; no evidence indicates code execution or data disclosure, so the vulnerability primarily affects availability.
Affected Systems
Bento4 component from axiomatic‑systems used in media handling applications before version 1.8.9. Any software that incorporates this library to parse or write MP4 files is potentially affected.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score is below 1%, implying a low probability of exploitation, and the vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that the vulnerability can be triggered remotely by delivering a crafted MP4 file to an application that processes media using Bento4. This requires the application to accept external media input; if that condition is met, a remote attacker could invoke the stack overflow and cause a DoS. If the application does not accept untrusted files, local exploitation would be required. The impact is service interruption with no evidence of data confidentiality or integrity breach.
OpenCVE Enrichment