CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0753: Axiomatic Bento4 mp42aac ReadPartial heap-based overflow

6.9 CVSS

Description

A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In Axiomatic Bento4 bis 1.6.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion AP4_StdcFileByteStream::ReadPartial der Komponente mp42aac. Mittels dem Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-0753

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.9

Affected Products

Vendor: Axiomatic

Product: Bento4

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 22.74% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://vuldb.com/?id.293518
https://vuldb.com/?ctiid.293518
https://vuldb.com/?submit.483326
https://github.com/axiomatic-systems/Bento4/issues/991
https://github.com/user-attachments/files/18434657/seeds.zip

Timeline

2025-01-28 00:30:48 UTC
CVE

Axiomatic Bento4 mp42aac ReadPartial heap-based overflow