This can lead to a denial of service if exploited.

To learn more about the severity of this issue and its implications, please consult the CVE section of the advisory.

In addition, due to a memory corruption issue discovered in mp43hls, it is advised to upgrade to v1.6.0-639 as soon as possible.

Finally, v1.6.0-639 also fixes an issue of AP4_Util::SetUrl function. This can lead to a denial of service if exploited.
This advisory has been updated for the latest version of Bento4 v1.6.0-639 and v1.7.0-639.

To upgrade, users can simply visit the main menu of Bento4, select “Help > Check For Upgrade”.
An in-game notification will appear when Bento4 v1.6.0-639 or v1.7.0-639 is out.

Disclaimer

Please consult the advisory page for additional information: https://support.humblebundle.com/hc/en-us/articles/360000876614-CVE-2022-41424

Pre-requisites for upgrading

One of the pre-requisites for upgrading is that the user has the latest Bento4 v1.6.0-639 or v1.7.0-639 installed and running on their device.

Timeline

Published on: 10/03/2022 14:15:00 UTC
Last modified on: 10/05/2022 13:20:00 UTC

References