CVE-2024-24155 Information

Description

Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie parsing tracks and added into m_Tracks list but mp42aac cannot correctly delete when we got an no audio track found error. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.

Reference

https://github.com/axiomatic-systems/Bento4/issues/919