Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-40943
CVE-2021-40943:
NixOS vulnerability analysis and mitigation
Overview
In Bento4 1.6.0-638, a null pointer reference vulnerability was discovered in the AP4_DescriptorListInspector::Action function located in Ap4Descriptor.h:124. The vulnerability was assigned identifier CVE-2021-40943 and was discovered in August 2021 (GitHub Issue).
Technical details
The vulnerability occurs in the AP4_DescriptorListInspector::Action function when processing certain MP4 files. The issue manifests as a null pointer dereference at line 124 of Ap4Descriptor.h, which can be triggered through the mp4dump utility when using high verbosity levels. The vulnerability was confirmed using Address Sanitizer (ASAN) which detected a SEGV error on a null address during memory read operations (GitHub Issue).
Impact
When exploited, this vulnerability can cause a denial of service (DOS) condition through program crashes. The issue affects applications using the Bento4 library for processing MP4 files, particularly when inspecting file contents (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management