CVE-2024-57510
Published: 29 January 2025
Description
Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial function.
Security Summary
CVE-2024-57510 is a buffer overflow (CWE-120, buffer copy without checking size of input) in mp42avc, the Bento4 command-line tool that extracts the AVC/H.264 elementary stream from an MP4 file. The affected code is AP4_MemoryByteStream::WritePartial, the write path of Bento4's in-memory implementation of the AP4_ByteStream interface. The identifier v.3bdc891602d19789b8e8626e4a3e613a937b4d35 in the CVE record is a git commit hash, not a release tag; check the commit your build was made from rather than a version number when assessing exposure. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Per the vector, an attacker with low privileges and local access can trigger the overflow with low complexity and no user interaction, and successful exploitation yields arbitrary code execution with high impact on confidentiality, integrity and availability. The local attack vector is the usual scoring for a file-parsing command-line tool: the attacker needs mp42avc to be run on input they control, so any pipeline that invokes it on files from untrusted sources carries the same risk as an interactive local user running it. The page does not describe the triggering input or the root cause; see the references below for the reporter's details.
Discussion of the issue and potential patches is tracked in the referenced advisories: a GitHub Gist at https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24 and Bento4 GitHub issue #989 at https://github.com/axiomatic-systems/Bento4/issues/989. Until a fixing commit is confirmed and present in the build you deploy, treat mp42avc as unsafe on untrusted MP4 input. The vulnerability was published on 2025-01-29.
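The contract a bounds-safe partial write has to honour, as an added illustration of the CWE-120 class and not Bento4's own code: validate position arithmetic and capacity before any byte is copied, and report either a complete write or none. The method name and the bytes_written out-parameter follow the shape of Bento4's AP4_ByteStream interface for readability only; the result codes, the growth policy, the size cap, the Seek helper and the sample main() are assumptions of this example, and nothing here describes the actual defect's root cause, which the page does not give.

```cpp
// Added illustration, not Bento4 source: a memory-backed byte stream whose
// WritePartial validates the write before touching the buffer. The result
// codes, growth policy and cap are this example's own assumptions.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <limits>
#include <vector>

enum class WriteResult { Success, InvalidArgument, Overflow, TooLarge };

class MemoryByteStream {
public:
    // max_size caps how far the backing store may grow. A fixed-size buffer
    // is the special case where the cap equals the buffer size.
    explicit MemoryByteStream(std::size_t max_size) : m_Max(max_size) {}

    // Move the write position. Positions past the current data are allowed
    // (the next write grows the buffer) but never past the cap.
    bool Seek(std::size_t position) {
        if (position > m_Max) return false;
        m_Position = position;
        return true;
    }

    // Copy bytes_to_write bytes at the current position. Either the whole
    // request is copied and reported in bytes_written, or nothing is.
    WriteResult WritePartial(const void* buffer, std::size_t bytes_to_write,
                             std::size_t& bytes_written) {
        bytes_written = 0;
        if (bytes_to_write == 0) return WriteResult::Success;
        if (buffer == nullptr) return WriteResult::InvalidArgument;

        // 1. Position arithmetic: reject a request whose end offset would
        //    wrap around size_t instead of computing it and trusting it.
        const std::size_t room =
            std::numeric_limits<std::size_t>::max() - m_Position;
        if (bytes_to_write > room) return WriteResult::Overflow;
        const std::size_t end = m_Position + bytes_to_write;

        // 2. Capacity: refuse anything beyond the cap rather than letting
        //    the copy run past the allocation.
        if (end > m_Max) return WriteResult::TooLarge;

        // 3. Only now grow the backing store (zero-filling any gap left by
        //    a Seek past the data) and copy.
        if (end > m_Data.size()) m_Data.resize(end);
        std::memcpy(m_Data.data() + m_Position, buffer, bytes_to_write);
        m_Position = end;
        bytes_written = bytes_to_write;
        return WriteResult::Success;
    }

    std::size_t GetPosition() const { return m_Position; }
    std::size_t GetDataSize() const { return m_Data.size(); }
    const unsigned char* GetData() const { return m_Data.data(); }

private:
    std::vector<unsigned char> m_Data;
    std::size_t m_Position = 0;
    std::size_t m_Max;
};

int main() {
    // Constructed input: a 19-byte write into a stream capped at 16 bytes.
    MemoryByteStream stream(16);
    std::size_t written = 0;
    WriteResult r = stream.WritePartial("0123456789abcdefXYZ", 19, written);
    std::printf("19-byte write into 16-byte cap: result=%d written=%zu\n",
                static_cast<int>(r), written);
    return 0;
}
```

The ordering matters: the wrap check comes first so that a hostile position plus length cannot produce a small end offset that passes the capacity check, and the buffer is only resized after both checks succeed, so a rejected write leaves the stream untouched.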
Details
- CWE(s)