CVE-2017-14643

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-14643

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14643.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-14643

Downstream

UBUNTU-CVE-2017-14643

Published

2017-09-21T17:29:00.340Z

Modified

2025-11-20T10:37:47.620657Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The AP4HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4BytesToUInt32BE in Core/Ap4Utils.h.

References

Affected packages

Git / github.com/axiomatic-systems/bento4

Affected ranges

Type: GIT
Repo: https://github.com/axiomatic-systems/bento4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647

Affected versions

v1.*

v1.4.2-584

v1.4.2-586

v1.4.2-587

v1.4.2-588

v1.4.2-589

v1.4.2-590

v1.4.2-591

v1.4.2-592

v1.4.2-593

v1.4.2-594

v1.4.3-595

v1.4.3-596

v1.4.3-597

v1.4.3-598

v1.4.3-599

v1.4.3-600

v1.4.3-601

v1.4.3-602

v1.4.3-603

v1.4.3-604

v1.4.3-605

v1.4.3-606

v1.4.3-607

v1.4.3-608

v1.5.0-609

v1.5.0-610

v1.5.0-611

v1.5.0-612

v1.5.0-613

v1.5.0-614

v1.5.0-615

v1.5.0-616

v1.5.0-617

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "333909807397275795022200898934827803119",
                "39407409956069566480179533402656843239",
                "124146144402655595476626805751121555748",
                "174149350717060041956304597321110249005"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2017-14643-18e9e42d",
        "target": {
            "file": "Source/C++/Core/Ap4StszAtom.cpp"
        },
        "source": "https://github.com/axiomatic-systems/bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647"
    },
    {
        "digest": {
            "length": 596.0,
            "function_hash": "171630140456392424481151574818423066791"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2017-14643-207112db",
        "target": {
            "file": "Source/C++/Core/Ap4StszAtom.cpp",
            "function": "AP4_StszAtom::AP4_StszAtom"
        },
        "source": "https://github.com/axiomatic-systems/bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647"
    },
    {
        "digest": {
            "line_hashes": [
                "38580530629386625158184996783982573908",
                "229256641978478002385340526390896082869",
                "172263602081673549902613549698982059415",
                "103041136981967531659290074132103553225"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2017-14643-43cb070c",
        "target": {
            "file": "Source/C++/Core/Ap4HdlrAtom.cpp"
        },
        "source": "https://github.com/axiomatic-systems/bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647"
    },
    {
        "digest": {
            "length": 680.0,
            "function_hash": "294227699342354500339833328683187604433"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2017-14643-83f92dd5",
        "target": {
            "file": "Source/C++/Core/Ap4HdlrAtom.cpp",
            "function": "AP4_HdlrAtom::AP4_HdlrAtom"
        },
        "source": "https://github.com/axiomatic-systems/bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647"
    }
]