漏洞标题
Axiomatic Bento4 Ap4DataBuffer.hGetData堆溢出漏洞
漏洞描述信息
在Axiomatic Bento4 1.6.0-641及之前版本中发现了一个漏洞,该漏洞被评为严重级别。此问题影响到库Ap4DataBuffer.h中的AP4_DataBuffer::GetData函数。该漏洞可导致基于堆的缓冲区溢出。攻击者可能远程利用此漏洞。利用该漏洞的攻击复杂度较高,且已知该漏洞的利用较为困难。该漏洞的利用方法已公开,可能被利用。由于该产品采用滚动发布方式,持续提供更新,因此无法提供受影响版本及更新版本的详细信息。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
跨界内存写
漏洞标题
Axiomatic Bento4 Ap4DataBuffer.h GetData heap-based overflow
漏洞描述信息
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
漏洞类别
堆缓冲区溢出