CVE-2024-31004

9.8 CRITICAL

📋 TL;DR

CVE-2024-31004 is a critical remote code execution vulnerability in Bento4's MP4 fragment parsing functionality. An attacker can exploit this by sending a specially crafted MP4 file to execute arbitrary code on the target system. This affects any application or service using Bento4 v1.6.0-641 for MP4 processing.

💻 Affected Systems

Products:
  • Bento4
Versions: v1.6.0-641
Operating Systems: All platforms where Bento4 runs (Windows, Linux, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service that uses the Bento4 library for MP4 file processing is vulnerable when handling untrusted MP4 files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the vulnerable system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Remote code execution allowing attackers to install malware, create backdoors, or use the system as part of a botnet.

🟢 If Mitigated

Limited impact with proper network segmentation, application sandboxing, and least privilege principles in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the attacker to provide a malicious MP4 file to the vulnerable application. The vulnerability is in the AP4_StsdAtom constructor in Ap4StsdAtom.cpp.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest patched version

Vendor Advisory: https://github.com/axiomatic-systems/Bento4/issues/941

Restart Required: Yes

Instructions:

1. Check current Bento4 version
2. Update to latest version from official GitHub repository
3. Rebuild any applications using the Bento4 library
4. Restart affected services

🔧 Temporary Workarounds

Input Validation

all

Implement strict validation of MP4 files before processing with Bento4
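
An added example of the input-validation workaround above (not code from this advisory or from the Bento4 project): a structural pre-check that walks the ISO BMFF box tree and rejects files whose box sizes overrun their parent or whose `stsd` entry count disagrees with its contents. The page does not describe the malformed input behind this CVE, so this is a generic well-formedness gate rather than a known filter for it; `MAX_STSD_ENTRIES`, `InvalidMP4` and the function names are assumptions.

```python
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"moof", b"traf"}
MAX_STSD_ENTRIES = 16  # assumption: local policy limit, not a Bento4 constant

class InvalidMP4(ValueError):
    pass

def walk_boxes(buf, start, end, depth=0):
    """Yield (type, payload_start, payload_end) for each box in buf[start:end]."""
    if depth > 16:
        raise InvalidMP4("box nesting too deep")
    pos = start
    while pos < end:
        if end - pos < 8:
            raise InvalidMP4(f"truncated box header at offset {pos}")
        size, btype = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1:  # 64-bit largesize follows the type field
            if end - pos < 16:
                raise InvalidMP4(f"truncated largesize at offset {pos}")
            size, header = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:  # box runs to the end of its parent
            size = end - pos
        if size < header or pos + size > end:
            raise InvalidMP4(f"box {btype!r} at offset {pos}: bad size {size}")
        yield btype, pos + header, pos + size
        if btype in CONTAINERS:  # payload is a plain sequence of child boxes
            yield from walk_boxes(buf, pos + header, pos + size, depth + 1)
        pos += size

def check_stsd(buf, start, end):
    """stsd payload: version/flags (4), entry_count (4), then that many boxes."""
    if end - start < 8:
        raise InvalidMP4("stsd too short to hold entry_count")
    count = struct.unpack_from(">I", buf, start + 4)[0]
    found = sum(1 for _ in walk_boxes(buf, start + 8, end))
    if count > MAX_STSD_ENTRIES or found != count:
        raise InvalidMP4(f"stsd declares {count} entries, contains {found}")

def validate_mp4(buf):
    """Return True if the box tree is well-formed, else raise InvalidMP4."""
    for btype, start, end in walk_boxes(buf, 0, len(buf)):
        if btype == b"stsd":
            check_stsd(buf, start, end)
    return True

def box(btype, payload=b""):  # helper for building constructed sample inputs
    return struct.pack(">I4s", 8 + len(payload), btype) + payload
```

Run the check in the upload or ingest path before any file reaches a Bento4-based tool, and treat `InvalidMP4` as a reject.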

Sandbox Execution

all

Run Bento4 processes in isolated containers or sandboxes with minimal privileges

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using Bento4
  • Deploy application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check if Bento4 version is 1.6.0-641 by examining installed packages or checking application dependencies

Check Version:

bento4 --version or check package manager (apt, yum, brew)

Verify Fix Applied:

Verify Bento4 has been updated to a version after the fix by checking version numbers and monitoring for crash reports

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unusual process creation from Bento4-related processes
  • Memory corruption errors in application logs

Network Indicators:

  • Unusual outbound connections from systems running Bento4
  • Large MP4 file uploads to services using Bento4

SIEM Query:

Process creation where parent process contains 'bento4' or 'mp4' AND command line contains unusual arguments
