CVE-2024-30809

7.5 HIGH

📋 TL;DR

A heap-use-after-free vulnerability in Bento4 v1.6.0-641-2-g1529b83 allows attackers to cause denial of service by triggering memory corruption in the AP4_Sample::GetOffset() function. This affects systems using Bento4 for media processing, particularly when handling malicious MP4 files converted to transport streams.

💻 Affected Systems

Products:
  • Bento4
Versions: v1.6.0-641-2-g1529b83 and potentially earlier versions
Operating Systems: All platforms where Bento4 runs (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when processing MP4 files through mp42ts conversion utility or other Bento4 tools that use the affected AP4_Sample functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or service disruption leading to unavailability of media processing functionality, potentially allowing arbitrary code execution if combined with other vulnerabilities.

🟠 Likely Case

Application crash or denial of service when processing specially crafted media files, disrupting media playback or conversion services.

🟢 If Mitigated

Controlled application termination without system-wide impact if proper sandboxing and memory protections are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exists in GitHub references showing DoS via crafted MP4 files. Exploitation requires feeding malicious media files to vulnerable Bento4 components.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest fixes

Vendor Advisory: https://github.com/axiomatic-systems/Bento4/issues/937

Restart Required: Yes

Instructions:

1. Visit Bento4 GitHub repository
2. Check for latest commits addressing CVE-2024-30809
3. Update to patched version
4. Restart affected services

🔧 Temporary Workarounds

Input Validation (all platforms)

Implement strict input validation for media files before processing with Bento4

Process Isolation (Linux)

Run Bento4 in isolated containers or sandboxes to limit impact of crashes

docker run --security-opt=no-new-privileges -v /media:/media bento4-container

🧯 If You Can't Patch

  • Implement network segmentation to isolate Bento4 services
  • Deploy application-level firewalls to filter suspicious media file uploads

🔍 How to Verify

Check if Vulnerable:

Check Bento4 version: bento4 --version or examine installed package version

Check Version:

bento4 --version

Verify Fix Applied:

Test with known malicious MP4 files from PoC references and verify no crash occurs

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory corruption errors in system logs
  • Abnormal process termination of Bento4 components

Network Indicators:

  • Unusual media file uploads to conversion services
  • Repeated connection attempts to media processing endpoints

SIEM Query:

process_name:"mp42ts" AND (event_type:crash OR exit_code:139)
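
The query above only matches if crashes are recorded with those fields. The following wrapper is an added example, not part of Bento4 or of this advisory: it runs a converter command with core dumps disabled and a CPU cap, then emits an event using the query's field names. It assumes a POSIX host; the function name, the 60-second CPU cap and the extra `signal` field are choices made for this example.

```python
import json
import os
import resource
import signal
import subprocess
import sys


def _limits():
    # Runs in the child before exec: no core dumps, bounded CPU time.
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    _, hard = resource.getrlimit(resource.RLIMIT_CPU)
    cap = 60 if hard == resource.RLIM_INFINITY else min(60, hard)
    resource.setrlimit(resource.RLIMIT_CPU, (cap, hard))


def run_and_classify(argv, timeout=120):
    """Run a converter command and return an event dict for the SIEM."""
    event = {"process_name": os.path.basename(argv[0]), "event_type": "exit"}
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL, stderr=subprocess.PIPE,
                              timeout=timeout, preexec_fn=_limits)
    except subprocess.TimeoutExpired:
        event.update(event_type="timeout", exit_code=None)
        return event
    rc = proc.returncode
    if rc < 0:
        # Killed by a signal. Shells report this as 128 + signal number,
        # so SIGSEGV (11) becomes 139, the value the query looks for.
        event.update(event_type="crash", signal=signal.Signals(-rc).name,
                     exit_code=128 + (-rc))
    else:
        event["exit_code"] = rc
        # Sanitizer builds exit with an ordinary code but print a report,
        # so a match on exit_code:139 alone would miss them.
        if b"AddressSanitizer" in proc.stderr:
            event["event_type"] = "crash"
    return event


if __name__ == "__main__":
    # Usage: python wrap.py mp42ts <input.mp4> <output.ts>
    print(json.dumps(run_and_classify(sys.argv[1:])))
```
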
