What is the severity of CVE-2017-14646?

CVE-2017-14646 is considered a high severity vulnerability due to its potential for causing application crashes.

How do I fix CVE-2017-14646?

To fix CVE-2017-14646, upgrade Bento4 to version 1.5.0-618 or later, which includes the necessary patches.

What types of attacks can exploit CVE-2017-14646?

CVE-2017-14646 can be exploited through specially crafted files that trigger the heap-based buffer over-read.

Which software versions are affected by CVE-2017-14646?

CVE-2017-14646 affects Bento4 version 1.5.0-617.

What could happen if I don't address CVE-2017-14646?

If not addressed, CVE-2017-14646 may lead to application instability and crashes, affecting user experience and data integrity.

Vulnerability/
CVE-2017-14646

high

7.5

CWE

125

21/9/2017

5/8/2024

CVE-2017-14646

First published: Thu Sep 21 2017(Updated: )

The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Bento4	=1.5.0-617

Remedy

https://blogs.gentoo.org/ago/2017/09/14/bento4-heap-based-buffer-overflow-in-ap4_databuffersetdata-ap4databuffer-cpp/

Remedy

https://github.com/axiomatic-systems/Bento4/commit/53499d8d4c69142137c7c7f0097a444783fdeb90

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-14646?
CVE-2017-14646 is considered a high severity vulnerability due to its potential for causing application crashes.
How do I fix CVE-2017-14646?
To fix CVE-2017-14646, upgrade Bento4 to version 1.5.0-618 or later, which includes the necessary patches.
What types of attacks can exploit CVE-2017-14646?
CVE-2017-14646 can be exploited through specially crafted files that trigger the heap-based buffer over-read.
Which software versions are affected by CVE-2017-14646?
CVE-2017-14646 affects Bento4 version 1.5.0-617.
What could happen if I don't address CVE-2017-14646?
If not addressed, CVE-2017-14646 may lead to application instability and crashes, affecting user experience and data integrity.

agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
agent/references
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/axiosys
canonical/bento4
version/bento4/1.5.0-617

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2017-14646?
CVE-2017-14646 is considered a high severity vulnerability due to its potential for causing application crashes.
How do I fix CVE-2017-14646?
To fix CVE-2017-14646, upgrade Bento4 to version 1.5.0-618 or later, which includes the necessary patches.
What types of attacks can exploit CVE-2017-14646?
CVE-2017-14646 can be exploited through specially crafted files that trigger the heap-based buffer over-read.
Which software versions are affected by CVE-2017-14646?
CVE-2017-14646 affects Bento4 version 1.5.0-617.
What could happen if I don't address CVE-2017-14646?
If not addressed, CVE-2017-14646 may lead to application instability and crashes, affecting user experience and data integrity.