CVE-2017-14641 - Vulnerability Details - OpenCVE

ReportizFlow

A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bento4	Bento4

Configuration 1 [-]

cpe:2.3:a:bento4:bento4:1.5.0-617:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp/
https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687
https://github.com/axiomatic-systems/Bento4/issues/184

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-21T17:00:00

Updated: 2024-08-05T19:34:39.352Z

Reserved: 2017-09-21T00:00:00

Link: CVE-2017-14641

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-09-21T17:29:00.260

Modified: 2024-11-21T03:13:16.117

Link: CVE-2017-14641

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-21T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/axiomatic-systems/Bento4/issues/184"}, {"tags": ["x_refsource_MISC"], "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-14641", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/axiomatic-systems/Bento4/issues/184", "refsource": "MISC", "url": "https://github.com/axiomatic-systems/Bento4/issues/184"}, {"name": "https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp/"}, {"name": "https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687", "refsource": "MISC", "url": "https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:34:39.352Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/axiomatic-systems/Bento4/issues/184"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14641", "datePublished": "2017-09-21T17:00:00", "dateReserved": "2017-09-21T00:00:00", "dateUpdated": "2024-08-05T19:34:39.352Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bento4:bento4:1.5.0-617:*:*:*:*:*:*:*", "matchCriteriaId": "E91AC306-5354-4B0C-B481-CBA451648D90", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service."}, {"lang": "es", "value": "Existe una desreferencia de puntero NULL en la clase AP4_DataAtom en MetaData/Ap4MetaData.cpp en Bento4 1.5.0-617. Esta vulnerabilidad causa un error de segmentaci\u00f3n y el cierre inesperado de la aplicaci\u00f3n, lo que da lugar a una denegaci\u00f3n de servicio remota."}], "id": "CVE-2017-14641", "lastModified": "2024-11-21T03:13:16.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-09-21T17:29:00.260", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp/"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/axiomatic-systems/Bento4/issues/184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://blogs.gentoo.org/ago/2017/09/14/bento4-null-pointer-dereference-in-ap4_dataatomap4_dataatom-ap4metadata-cpp/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/axiomatic-systems/Bento4/commit/41cad602709436628f07b4c4f64e9ff7a611f687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/axiomatic-systems/Bento4/issues/184"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}