Wiz
Vulnerability DatabaseCVE-2023-29575

CVE-2023-29575
NixOS vulnerability analysis and mitigation

Overview

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. The vulnerability was disclosed on April 21, 2023 and has been assigned CVE-2023-29575. The vulnerability has been rated with a CVSS v3.1 base score of 5.5 (Medium) (NVD).

Technical details

The vulnerability exists in the mp42aac component where an out-of-memory condition occurs in the AP4Array::EnsureCapacity function when attempting to allocate excessive memory. The issue specifically manifests in the AP4TrunAtom constructor when processing MP4 files. The vulnerability is triggered when the program attempts to allocate 0x800000010 bytes of memory (GitHub Issue).

Impact

When exploited, this vulnerability can lead to a denial of service condition as the application crashes due to failed memory allocation. The vulnerability requires user interaction as it needs a specially crafted MP4 file to trigger the out-of-memory condition (NVD).

Mitigation and workarounds

The vulnerability has been reported to the developers through GitHub issue tracking. As a temporary workaround, users can set allocatormayreturn_null=1, though this is not a complete solution to the underlying issue (GitHub Issue).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-59713HIGH8.1
  • PHPPHP
  • snipe/snipe-it
NoYesSep 19, 2025
CVE-2025-7993HIGH7.8
  • NixOSNixOS
  • cobalt
NoNoSep 17, 2025
CVE-2025-7988HIGH7.8
  • NixOSNixOS
  • cpe:2.3:a:ashlar:graphite
NoYesSep 17, 2025
CVE-2025-30755MEDIUM6.1
  • NixOSNixOS
  • opengrok
NoNoSep 19, 2025
CVE-2025-59712MEDIUM5.4
  • PHPPHP
  • snipe/snipe-it
NoYesSep 19, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo