CVE-2017-14643
- Source
- https://cve.org/CVERecord?id=CVE-2017-14643
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14643.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-14643
- Downstream
- Published
- 2017-09-21T17:29:00.340Z
- Modified
- 2026-04-11T15:43:03.850898Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The AP4HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4BytesToUInt32BE in Core/Ap4Utils.h.
- References
Affected packages
Git / github.com/axiomatic-systems/Bento4
Affected ranges
- Type
- GIT
- Repo
- https://github.com/axiomatic-systems/Bento4
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:bento4:bento4:1.5.0-617:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.5.0-617" } ] }
Affected versions
v1.*
v1.4.2-584
v1.4.2-586
v1.4.2-587
v1.4.2-588
v1.4.2-589
v1.4.2-590
v1.4.2-591
v1.4.2-592
v1.4.2-593
v1.4.2-594
v1.4.3-595
v1.4.3-596
v1.4.3-597
v1.4.3-598
v1.4.3-599
v1.4.3-600
v1.4.3-601
v1.4.3-602
v1.4.3-603
v1.4.3-604
v1.4.3-605
v1.4.3-606
v1.4.3-607
v1.4.3-608
v1.5.0-609
v1.5.0-610
v1.5.0-611
v1.5.0-612
v1.5.0-613
v1.5.0-615
v1.5.0-616
v1.5.0-617
Git / github.com/axiomatic-systems/bento4
Affected versions
v1.*
v1.4.2-584
v1.4.2-586
v1.4.2-587
v1.4.2-588
v1.4.2-589
v1.4.2-590
v1.4.2-591
v1.4.2-592
v1.4.2-593
v1.4.2-594
v1.4.3-595
v1.4.3-596
v1.4.3-597
v1.4.3-598
v1.4.3-599
v1.4.3-600
v1.4.3-601
v1.4.3-602
v1.4.3-603
v1.4.3-604
v1.4.3-605
v1.4.3-606
v1.4.3-607
v1.4.3-608
v1.5.0-609
v1.5.0-610
v1.5.0-611
v1.5.0-612
v1.5.0-613
v1.5.0-615
v1.5.0-616
v1.5.0-617
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14643.json"
vanir_signatures_modified
"2026-04-11T15:43:03Z"
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2017-14643-18e9e42d",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"333909807397275795022200898934827803119",
"39407409956069566480179533402656843239",
"124146144402655595476626805751121555748",
"174149350717060041956304597321110249005"
],
"threshold": 0.9
},
"target": {
"file": "Source/C++/Core/Ap4StszAtom.cpp"
},
"source": "https://github.com/axiomatic-systems/bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647"
},
{
"signature_type": "Function",
"id": "CVE-2017-14643-207112db",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "171630140456392424481151574818423066791",
"length": 596.0
},
"target": {
"file": "Source/C++/Core/Ap4StszAtom.cpp",
"function": "AP4_StszAtom::AP4_StszAtom"
},
"source": "https://github.com/axiomatic-systems/bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647"
},
{
"signature_type": "Line",
"id": "CVE-2017-14643-43cb070c",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"38580530629386625158184996783982573908",
"229256641978478002385340526390896082869",
"172263602081673549902613549698982059415",
"103041136981967531659290074132103553225"
],
"threshold": 0.9
},
"target": {
"file": "Source/C++/Core/Ap4HdlrAtom.cpp"
},
"source": "https://github.com/axiomatic-systems/bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647"
},
{
"signature_type": "Function",
"id": "CVE-2017-14643-83f92dd5",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "294227699342354500339833328683187604433",
"length": 680.0
},
"target": {
"file": "Source/C++/Core/Ap4HdlrAtom.cpp",
"function": "AP4_HdlrAtom::AP4_HdlrAtom"
},
"source": "https://github.com/axiomatic-systems/bento4/commit/5eb8cf89d724ccb0b4ce5f24171ec7c11f0a7647"
}
]