CVE-2017-14638

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-14638

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14638.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-14638

Downstream

UBUNTU-CVE-2017-14638

Published

2017-09-21T17:29:00Z

Modified

2025-10-21T04:12:15.030731Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

AP4AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4Atom::SetType in Core/Ap4Atom.h.

References

Affected packages

Git / github.com/axiomatic-systems/bento4

Affected ranges

Type: GIT
Repo: https://github.com/axiomatic-systems/bento4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

be7185faf7f52674028977dcf501c6039ff03aa5

Affected versions

v1.*

v1.4.2-584

v1.4.2-586

v1.4.2-587

v1.4.2-588

v1.4.2-589

v1.4.2-590

v1.4.2-591

v1.4.2-592

v1.4.2-593

v1.4.2-594

v1.4.3-595

v1.4.3-596

v1.4.3-597

v1.4.3-598

v1.4.3-599

v1.4.3-600

v1.4.3-601

v1.4.3-602

v1.4.3-603

v1.4.3-604

v1.4.3-605

v1.4.3-606

v1.4.3-607

v1.4.3-608

v1.5.0-609

v1.5.0-610

v1.5.0-611

v1.5.0-612

v1.5.0-613

v1.5.0-614

v1.5.0-615

v1.5.0-616

v1.5.0-617

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-14638-8135e6fe",
        "source": "https://github.com/axiomatic-systems/bento4/commit/be7185faf7f52674028977dcf501c6039ff03aa5",
        "target": {
            "function": "AP4_AtomFactory::CreateAtomFromStream",
            "file": "Source/C++/Core/Ap4AtomFactory.cpp"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 13286.0,
            "function_hash": "13571065616000194806636631905777089122"
        }
    },
    {
        "id": "CVE-2017-14638-8c99f702",
        "source": "https://github.com/axiomatic-systems/bento4/commit/be7185faf7f52674028977dcf501c6039ff03aa5",
        "target": {
            "file": "Source/C++/Core/Ap4AtomFactory.cpp"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "56203802394775780931689243930835568753",
                "209695744289537601510109735727837859639",
                "80864719845706768818582140735671784576",
                "191976601059039302348960374076972387790",
                "330916678090644485471807480082800855851",
                "176122952162419793068977561026123976523",
                "283342979292773258537648086031138556056",
                "72489157896170200008651005305777051809",
                "252386177626858382565645938550332451698"
            ]
        }
    }
]