CVE-2024-30807 – This vulnerability is a heap-use-after-free fla... (How to Fix)

Q: What is the severity of CVE-2024-30807?

CVE-2024-30807 has a CVSS score of 7.5 (HIGH). This vulnerability is a heap-use-after-free flaw in Bento4 v1.6.0-641-2-g1529b83 that occurs during destruction of AP4_UnknownAtom objects. It allows attackers to cause denial of service by crashing applications using the vulnerable library, particularly affecting media processing tools like mp42ts. Users and systems that process MP4 media files with Bento4 are at risk.

📋 TL;DR

This vulnerability is a heap-use-after-free flaw in Bento4 v1.6.0-641-2-g1529b83 that occurs during destruction of AP4_UnknownAtom objects. It allows attackers to cause denial of service by crashing applications using the vulnerable library, particularly affecting media processing tools like mp42ts. Users and systems that process MP4 media files with Bento4 are at risk.

💻 Affected Systems

Products:

Bento4

Versions: v1.6.0-641-2-g1529b83

Operating Systems: All platforms where Bento4 runs (Linux, Windows, macOS)

Default Config Vulnerable: ⚠️ Yes

Notes: Any application or service using the vulnerable Bento4 library to process MP4 files is affected. The mp42ts tool is specifically mentioned as a demonstration vector.

📦 What is this software?

Bento4 by Axiosys

View all CVEs affecting Bento4 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash leading to denial of service, potentially disrupting media processing pipelines or services that rely on Bento4 for MP4 file handling.

🟠

Likely Case

Application crash when processing specially crafted MP4 files, resulting in temporary service disruption until the process restarts.

🟢

If Mitigated

Minimal impact if proper input validation and sandboxing are implemented, with crashes contained to isolated processes.

🌐 Internet-Facing: MEDIUM - Applications that accept MP4 uploads or process user-provided media files from the internet could be targeted, but exploitation requires specific file processing.

🏢 Internal Only: LOW - Primarily affects media processing workflows; internal systems not handling MP4 files are unlikely to be affected.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof-of-concept exists in GitHub references showing the crash via mp42ts. Exploitation requires providing a malicious MP4 file to vulnerable applications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest Bento4 releases after the issue was reported

Vendor Advisory: https://github.com/axiomatic-systems/Bento4/issues/937

Restart Required: Yes

Instructions:

1. Check Bento4 GitHub repository for latest release. 2. Update to patched version. 3. Rebuild any applications using Bento4. 4. Restart affected services.

🔧 Temporary Workarounds

Input Validation

all

Implement strict validation of MP4 files before processing with Bento4

Process Isolation

all

Run Bento4-based media processing in isolated containers or sandboxes

🧯 If You Can't Patch

Implement network-level filtering to block suspicious MP4 files
Monitor for application crashes and implement automatic restart mechanisms

🔍 How to Verify

Check if Vulnerable:

Check Bento4 version: bento4 --version or examine build metadata for v1.6.0-641-2-g1529b83

Check Version:

bento4 --version

Verify Fix Applied:

Update to latest Bento4 version and test with known malicious MP4 files

📡 Detection & Monitoring

Log Indicators:

Application crashes when processing MP4 files
Segmentation faults in Bento4-related processes

Network Indicators:

Unusual MP4 file uploads to media processing services

SIEM Query:

Process:name="bento4" OR Process:name contains "mp42ts" AND Event:type="Crash"

📊 Metadata

CVE ID: CVE-2024-30807

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-416

Published: April 2, 2024

Last Updated: May 27, 2025

🔗 References

https://github.com/axiomatic-systems/Bento4/issues/937 Exploit,Issue Tracking,Third Party Advisory
https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-30807 Third Party Advisory
https://github.com/axiomatic-systems/Bento4/issues/937 Exploit,Issue Tracking,Third Party Advisory
https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-30807 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30807, you might also want to check these: