This vulnerability is caused by insufficient validation of input data. Bento4 is a C++ library and command-line toolset for MP4 files, and mp42aac is the tool that extracts an AAC audio track from an MP4 input, so the attack vector is a specially crafted MP4 file fed to the tool, for example by a user who converts a downloaded file or by a service that processes uploaded media. A security update has been released for this vulnerability. It is recommended to update the affected software as soon as possible.

How to install Axiomatic Bento4 on CentOS 7

Bento4 is not packaged in the CentOS 7 base repositories; the standard method is to build it from the upstream source tree with CMake (CentOS 7 needs the cmake3 package from EPEL, since its base cmake is too old). Build from a release or commit that contains the fix for Ap4ByteStream.cpp; check the upstream commit history for that file before choosing one.

sudo yum -y install epel-release
sudo yum -y install git gcc-c++ make cmake3
git clone https://github.com/axiomatic-systems/Bento4.git
cd Bento4
mkdir cmakebuild && cd cmakebuild
cmake3 -DCMAKE_BUILD_TYPE=Release ..
make

The mp42aac binary is produced in the cmakebuild directory alongside the other Bento4 tools.

Vulnerability summary

The vulnerability was published on 10/26/2022 (see the timeline below) and affects the function AP4_MemoryByteStream::WritePartial in the file Ap4ByteStream.cpp, reached through the mp42aac component. Insufficient validation of input data lets a crafted MP4 file drive a write past the end of a heap buffer, a heap-based buffer overflow. The issue is rated critical because it can be exploited remotely, that is, by getting a user or a service to process a malicious file, and may lead to arbitrary code execution. A public exploit has been disclosed and may be used. Two VulDB identifiers are associated with this issue, VDB-211897 and VDB-212008; the remediation section below refers to VDB-212008.
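To make the bug class concrete, here is a constructed model of a fixed-capacity memory byte stream with a WritePartial that trusts its length argument, next to a hardened version that bounds the copy and honors partial-write semantics. This is an added example written for this page; it is not Bento4's code, it does not reproduce the actual Ap4ByteStream.cpp logic or the real root cause, and every name in it (MemoryByteStream, WritePartialUnchecked, the RESULT_* codes, the scenario helpers, the 0xAB fill pattern) is an assumption chosen only to echo Bento4's style.

```cpp
// Constructed model for illustration. NOT Bento4's AP4_MemoryByteStream; all
// names, codes and behaviour here are assumptions made for this example.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

typedef int Result;
static const Result RESULT_SUCCESS                  =  0;
static const Result RESULT_ERROR_INVALID_PARAMETERS = -1;
static const Result RESULT_ERROR_OUT_OF_RANGE       = -2;
static const Result RESULT_ERROR_EOS                = -3;  // stream is full

class MemoryByteStream {
public:
    explicit MemoryByteStream(size_t capacity) : m_Buffer(capacity, 0), m_Position(0) {}
    size_t GetPosition() const { return m_Position; }

    Result Seek(size_t position) {
        if (position > m_Buffer.size()) return RESULT_ERROR_OUT_OF_RANGE;
        m_Position = position;
        return RESULT_SUCCESS;
    }

    // Vulnerable pattern: bytes_to_write ultimately derives from sizes in the
    // input file and is trusted. If m_Position + bytes_to_write exceeds the
    // capacity, memcpy writes past the heap allocation (heap-based overflow).
    // Shown for contrast only; never called out of range in this example.
    Result WritePartialUnchecked(const void* data, size_t bytes_to_write, size_t& bytes_written) {
        std::memcpy(m_Buffer.data() + m_Position, data, bytes_to_write);
        m_Position += bytes_to_write;
        bytes_written = bytes_to_write;
        return RESULT_SUCCESS;
    }

    // Hardened form: bound the copy by the room left. The room is computed by
    // subtraction rather than testing "m_Position + bytes_to_write > size", so
    // a huge bytes_to_write cannot wrap the sum and slip past the check.
    // Partial semantics: copy what fits, report it, signal EOS when nothing fits.
    Result WritePartial(const void* data, size_t bytes_to_write, size_t& bytes_written) {
        bytes_written = 0;
        if (bytes_to_write == 0) return RESULT_SUCCESS;
        if (data == nullptr) return RESULT_ERROR_INVALID_PARAMETERS;
        if (m_Position > m_Buffer.size()) return RESULT_ERROR_OUT_OF_RANGE;  // corrupted state
        size_t room = m_Buffer.size() - m_Position;
        if (room == 0) return RESULT_ERROR_EOS;
        size_t to_copy = bytes_to_write < room ? bytes_to_write : room;
        std::memcpy(m_Buffer.data() + m_Position, data, to_copy);
        m_Position += to_copy;
        bytes_written = to_copy;
        return RESULT_SUCCESS;
    }

    // Full write on top of WritePartial: callers must loop on bytes_written and
    // stop on failure or on zero progress instead of assuming one call did it all.
    Result Write(const void* data, size_t bytes_to_write) {
        const uint8_t* p = static_cast<const uint8_t*>(data);
        while (bytes_to_write > 0) {
            size_t written = 0;
            Result r = WritePartial(p, bytes_to_write, written);
            if (r != RESULT_SUCCESS) return r;
            if (written == 0) return RESULT_ERROR_EOS;  // defensive: no progress
            p += written;
            bytes_to_write -= written;
        }
        return RESULT_SUCCESS;
    }

private:
    std::vector<uint8_t> m_Buffer;
    size_t m_Position;
};

// Result of one scripted scenario, returned by value so it can be checked.
struct WriteOutcome { Result result; size_t written; size_t position; };

// Fresh stream of `capacity` bytes, seek to start_pos, one WritePartial of n bytes.
// The constructed source only needs to hold what can legally be copied (<= capacity).
WriteOutcome PartialWriteScenario(size_t capacity, size_t start_pos, size_t n) {
    MemoryByteStream stream(capacity);
    WriteOutcome out = { stream.Seek(start_pos), 0, stream.GetPosition() };
    if (out.result != RESULT_SUCCESS) return out;
    std::vector<uint8_t> src(n < capacity ? n : capacity, 0xAB);
    out.result = stream.WritePartial(src.data(), n, out.written);
    out.position = stream.GetPosition();
    return out;
}

// Same setup through the looping Write(): either everything lands or it fails.
// Write() reads all n bytes, so keep n small enough to allocate.
WriteOutcome FullWriteScenario(size_t capacity, size_t start_pos, size_t n) {
    MemoryByteStream stream(capacity);
    WriteOutcome out = { stream.Seek(start_pos), 0, stream.GetPosition() };
    if (out.result != RESULT_SUCCESS) return out;
    std::vector<uint8_t> src(n, 0xAB);
    out.result = stream.Write(src.data(), n);
    out.position = stream.GetPosition();
    out.written = out.position - start_pos;
    return out;
}

int main() {
    WriteOutcome a = PartialWriteScenario(8, 5, 6);
    std::printf("8-byte stream at 5, request 6: result=%d written=%zu pos=%zu\n", a.result, a.written, a.position);
    WriteOutcome b = PartialWriteScenario(8, 1, SIZE_MAX);  // would wrap an additive check
    std::printf("request SIZE_MAX at 1:         result=%d written=%zu pos=%zu\n", b.result, b.written, b.position);
    WriteOutcome c = FullWriteScenario(8, 0, 9);
    std::printf("Write() 9 bytes into 8:        result=%d written=%zu pos=%zu\n", c.result, c.written, c.position);
    return 0;
}
```

Build it with g++ -std=c++11 -fsanitize=address and, if main() is changed to call WritePartialUnchecked with an out-of-range length, AddressSanitizer aborts at the memcpy with a heap-buffer-overflow report; that same instrumentation is the practical way to confirm whether a given Bento4 build is affected by a sample file and whether a rebuilt one is fixed.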

How to prevent VDB-212008

- Update to a Bento4 build that contains the fix for Ap4ByteStream.cpp as soon as possible. The issue was published in October 2022, so any build older than that should be treated as affected until checked against the upstream commit history.
- Until updated, do not run mp42aac or other Bento4 tools on media from untrusted sources, and run them with the least privilege available, ideally in a sandbox or container with no access to sensitive data, so that a successful overflow gains as little as possible.
- When rebuilding, a build with AddressSanitizer enabled (e.g. CXXFLAGS=-fsanitize=address) turns a silent heap overwrite into an immediate abort with a stack trace, which is useful both for confirming that a build is affected by a sample file and for verifying the fix.

Timeline

Published on: 10/26/2022 19:15:00 UTC
Last modified on: 10/28/2022 17:30:00 UTC
