CVE-2017-12476
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-12476
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12476.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-12476
- Downstream
- Published
- 2017-09-06T08:29:00Z
- Modified
- 2025-10-21T04:09:39.101784Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
- References
Affected packages
Git / github.com/axiomatic-systems/bento4
Affected ranges
- Type
- GIT
- Repo
- https://github.com/axiomatic-systems/bento4
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.4.2-584
v1.4.2-586
v1.4.2-587
v1.4.2-588
v1.4.2-589
v1.4.2-590
v1.4.2-591
v1.4.2-592
v1.4.2-593
v1.4.2-594
v1.4.3-595
v1.4.3-596
v1.4.3-597
v1.4.3-598
v1.4.3-599
v1.4.3-600
v1.4.3-601
v1.4.3-602
v1.4.3-603
v1.4.3-604
v1.4.3-605
v1.4.3-606
v1.4.3-607
v1.4.3-608
v1.5.0-609
v1.5.0-610
v1.5.0-611
v1.5.0-612
v1.5.0-613
v1.5.0-614
v1.5.0-615
Database specific
vanir_signatures
[
{
"id": "CVE-2017-12476-30b075c5",
"source": "https://github.com/axiomatic-systems/bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",
"signature_version": "v1",
"digest": {
"line_hashes": [
"84022314734891574199871882695032361778",
"171059907009446573162562772287270821155",
"279969096960240345035820857130433745699",
"295420202832385258523700312792608286655"
],
"threshold": 0.9
},
"target": {
"file": "Source/C++/Core/Ap4AvccAtom.cpp"
},
"signature_type": "Line",
"deprecated": false
},
{
"id": "CVE-2017-12476-3b602a59",
"source": "https://github.com/axiomatic-systems/bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154715150314545768978829984427111092107",
"311931562962270247245184261176319430329",
"251301050117220292542939663153297262201",
"2816927888908992041112841057907278729"
],
"threshold": 0.9
},
"target": {
"file": "Source/C++/Core/Ap4Processor.cpp"
},
"signature_type": "Line",
"deprecated": false
},
{
"id": "CVE-2017-12476-42f40e1a",
"source": "https://github.com/axiomatic-systems/bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",
"signature_version": "v1",
"digest": {
"length": 6565.0,
"function_hash": "193395187742426618272724187477474149448"
},
"target": {
"function": "AP4_Processor::Process",
"file": "Source/C++/Core/Ap4Processor.cpp"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2017-12476-60837c8f",
"source": "https://github.com/axiomatic-systems/bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",
"signature_version": "v1",
"digest": {
"length": 1798.0,
"function_hash": "79412466060385049557278148003220286276"
},
"target": {
"function": "AP4_AtomSampleTable::GetSample",
"file": "Source/C++/Core/Ap4AtomSampleTable.cpp"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2017-12476-77ff6cec",
"source": "https://github.com/axiomatic-systems/bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",
"signature_version": "v1",
"digest": {
"length": 948.0,
"function_hash": "124655797944461491250835557859257994442"
},
"target": {
"function": "AP4_AvccAtom::InspectFields",
"file": "Source/C++/Core/Ap4AvccAtom.cpp"
},
"signature_type": "Function",
"deprecated": false
},
{
"id": "CVE-2017-12476-800de5f6",
"source": "https://github.com/axiomatic-systems/bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e",
"signature_version": "v1",
"digest": {
"line_hashes": [
"75354815925692739227399233083237127609",
"211280023659473102723899245428761742131",
"48290816414687888719436012006338905176"
],
"threshold": 0.9
},
"target": {
"file": "Source/C++/Core/Ap4AtomSampleTable.cpp"
},
"signature_type": "Line",
"deprecated": false
}
]