CVE-2025-8537
Description
A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| axiosys | bento4 | {"endIncluding":"1.6.0-641"} | |
References
- https://drive.google.com/file/d/1AkRpx3wcMy3Ic9tQeQyRJybBipK72aQO/view?usp=drive_link
- https://github.com/axiomatic-systems/Bento4/issues/1037
- https://vuldb.com/?ctiid.318666
- https://vuldb.com/?id.318666
- https://vuldb.com/?submit.619602
- https://github.com/axiomatic-systems/Bento4/issues/1037
- https://vuldb.com/?submit.619602
CWEs
CWE-400 CWE-770 CWE-617
Verify integrity in audit chain (admin only). AS-IS.