CVE-2025-8537

Medium CVSS: 6.3

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Vendor

Axiosys

Product

Bento4

CWE

CWE-400

Yayın Tarihi

2025-08-05 01:15:43

Güncelleme

2025-09-12 15:56:04

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-400 Bento4 MEDIUM Axiosys 2025

Referanslar

https://drive.google.com/file/d/1AkRpx3wcMy3Ic9tQeQyRJybBipK72aQO/view?usp=drive_link https://github.com/axiomatic-systems/Bento4/issues/1037 https://vuldb.com/?ctiid.318666 https://vuldb.com/?id.318666 https://vuldb.com/?submit.619602 https://github.com/axiomatic-systems/Bento4/issues/1037 https://vuldb.com/?submit.619602

Benzer Kayıtlar

Medium

CVE-2025-25942

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when proce…

High

CVE-2025-25943

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2At…

High

CVE-2025-25944

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom…

Medium

CVE-2025-25945

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_…

Medium

CVE-2025-25946

An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specific…

Medium

CVE-2025-25947

An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_At…