CVE-2024-57509
Published: 29 January 2025
Summary
CVE-2024-57509 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 37.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the buffer overflow vulnerability in Bento4 mp42avc by identifying, patching, and updating the affected software version.
- Implements memory protections such as non-executable stacks, ASLR, and guard pages to block arbitrary code execution from buffer overflows in AP4_File::ParseStream.
- Enforces validation of information inputs to mp42avc, preventing malformed streams from triggering the buffer overflow during parsing.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local buffer overflow in the media parsing tool (mp42avc) directly enables arbitrary code execution via a crafted input file, which maps to the client-side exploitation technique.
NVD Description
Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.
Deeper analysis
CVE-2024-57509 is a buffer overflow vulnerability (CWE-120) in the Bento4 mp42avc tool at commit 3bdc891602d19789b8e8626e4a3e613a937b4d35. The issue resides in the AP4_File::ParseStream and related functions, earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It was published on 2025-01-29.
A local attacker with low privileges can exploit this vulnerability without user interaction by providing malicious input to the affected mp42avc functions, leading to arbitrary code execution on the target system.
Mitigation details are available in the Bento4 GitHub issue (https://github.com/axiomatic-systems/Bento4/issues/989) and a related proof-of-concept gist (https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24).
Details
- CWE(s)